NS2中基于AODV协议实现的请求洪泛攻击

转载地址：http://narentada.com/what-is-flood-attack-code-for-request-flood-attack-in-aodv-routing-protocol/

Mobile ad hoc networks will often be deployed in environments where the nodes of the networks are unattended and have little or no physical protection against tampering. The nodes of mobile ad hoc networks are thus susceptible to compromise. The networks are
particularly vulnerable to denial of service (DOS) attacks launched through compromised nodes or intruders. The new DOS attack, called Ad Hoc Flooding Attack (AHFA), can result in denial of service when used against on-demand routing protocols for mobile ad
hoc networks, such as AODV, DSR. The intruder broadcasts mass Route Request packets to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. The injected packet is fake packet, attacker put his own define value
in RREQ packet in order to make this attack for dangerous.

The attacker selects many IP addresses which are not in the networks. No node in the network can answer RREP packets for these RREQ. The attacker successively originates mass RREQ messages for these void IP addresses. The attacker will resend the RREQ packets
without waiting for the RREP or round-trip time. They flood the RREQ messages at particular time interval. Their neighbor nodes don‟t know the route to that destination so rebroadcast RREQ. Attacker constantly injects false RREQ packets into the network.
Due to false generation, attacker can introduce a new DOS attack to exhaust the communication bandwidth and node resource so that the valid communication cannot be kept. If attacker is out of control it will flood the entire network and degrade the performance
of Manet‟s very high extent.

Motivation to prevent flood attack

Flooding RREQ packets in the whole network will consume a lot of resource of network. To reduce congestion in a network, the AODV protocol adopts some methods. A node can not originate more than RREQ_RATELIMIT RREQ messages per second. After broadcasting a
RREQ, a node waits for a RREP. If a route is not received within round-trip milliseconds, the node may try again to discover a route by broadcasting another RREQ, up to a maximum of retry times at the maximum TTL value. In the Flooding attack, the attack
node violates the above rules to exhaust the network resource. Firstly, the attacker selects many IP addresses which are not in the networks if he knows the scope of IP address in the networks. Because no node can answer RREP packets for these RREQ, the reverse
route in the route table of node will be conserved for longer. The attacker can select random IP addresses if he cannot know scope of IP address.Secondly, the attacker successively originates mass RREQ messages for these void IP addresses. The attacker tries
to send excessive RREQ without considering Request rate limit within per second.

I have implemented a code for adding flood attack in Mobile ad-hoc network. For flooding entire network with request packet I have taken one flood timer which continuously send request packet to his neighbor. For adding flood timer code is below, add the ftimer
class in the constructor. This change should be done in AODV.cc file

AODV::AODV(nsaddr_t id) : Agent(PT_AODV), btimer(this), htimer(this), ntimer(this),rtimer(this), lrtimer(this),ftimer(this),ctimer(this),rqueue()

增加下列代码在BroadcastTimer之后：

//Added by NVT
void
FloodTimer::handle(Event*) {
//agent->nimble=true;
if (index == 1 ) {
agent->FloodRREQ(99);

// node 1 will be a attacker, flood attacker !
}

Scheduler::instance().schedule(this, &intr, FLOOD_INTERVAL);
}

now change the AODV.h file , add the flood timer class above broadcast
timer class. And also define the flood interval at very begining for aodv.h file, just like below. Here flood timer is 0.09 sec. every 0.09 second attacker will
send the request packet to his neighbor.

#define FLOOD_INTERVAL 0.09

class FloodTimer : public Handler {
public:
FloodTimer(AODV* a):    agent(a){}
void     handle(Event*);
private:
AODV     *agent;
Event     intr;
};

After adding this
adding flood timer now add the flood attacker logic. which send the fake request packet into the network. add it to below sendrequest function of AODV.cc

//Added by NVT
void
AODV::FloodRREQ(nsaddr_t dst){
//printf("");
Packet *p = Packet::alloc();

struct hdr_cmn *ch = HDR_CMN(p);
struct hdr_ip *ih = HDR_IP(p);
struct hdr_aodv_request *rq = HDR_AODV_REQUEST(p);
aodv_rt_entry *rt = rtable.rt_lookup(dst);
//printf("\nrt_flags======%d\n",rt->rt_flags);

printf("\n**********************in 'in FloodRREQ' at node::%d*****************************",index);
rtable.rt_display(index);
// Fill out the RREQ packet
// ch->uid() = 0;
ch->ptype() = PT_AODV;
ch->size() = IP_HDR_LEN + rq->size();
ch->iface() = -2;
ch->error() = 0;
ch->addr_type() = NS_AF_NONE;
ch->prev_hop_ = index;

ih->saddr() = index;
ih->daddr() = IP_BROADCAST;
ih->sport() = RT_PORT;
ih->dport() = RT_PORT;
ih->ttl_ = NETWORK_DIAMETER;
// Fill up some more fields.
//printf("\n Fill up some more fields in SENDrequest functin\n");

rq->rq_type = AODVTYPE_RREQ;
rq->rq_hop_count = 1;
rq->rq_bcast_id = bid++;
rq->rq_dst = dst;
rq->rq_dst_seqno = num;
rq->rq_src = index;
seqno += 2;
assert ((seqno%2) == 0);
rq->rq_src_seqno = seqno;
rq->rq_timestamp = CURRENT_TIME;
num=num+2;
Scheduler::instance().schedule(target_, p, 0.);
}