How to Implement fragmentation attack in OMNeT++

To implement the fragmentation attack in OMNeT++, in a network context, the fragmentation attack usually comprise manipulate the way IP packets are fragmented in the course of transmission. Attackers might use this method to bypass security mechanisms, reassemble malicious payloads, or create denial-of-service conditions. In OMNeT++, we have to configure an attacker node to send fragmented packets which cause problems while reassembled by the target to simulate this type of attack.

Below is a guide on how to implement a fragmentation attack in OMNeT++ using the INET framework:

Step-by-Step Implementation:

1. Set Up OMNeT++ and INET Framework

• Make sure to install and configure the OMNeT++ and INET framework. To simulate the IP protocols, we can use the INET framework’s modules which will help us to implement the fragmentation attack.

2. Define the Network Topology

• Create a network topology in a .ned file as well as a client, server, router, and an attacker node. The attacker node will send fragmented packets to the server.

Example:

network FragmentationAttackNetwork

{

submodules:

client: StandardHost;

server: StandardHost;

router: Router;

attacker: StandardHost;

connections:

client.ethg++ <–> Eth10G <–> router.ethg++;

attacker.ethg++ <–> Eth10G <–> router.ethg++;

router.ethg++ <–> Eth10G <–> server.ethg++;

}

• The attacker node is connected to the network and will send fragmented packets to the server.

3. Create a Custom Fragmentation Attack Module

• Simulate a fragmentation attack by creating a custom C++ module that generates fragmented IP packets with certain features that can be used to exploit or disrupt the target system.

Example C++ code for a custom fragmentation attack module:

#include <omnetpp.h>

#include “inet/common/packet/Packet.h”

#include “inet/networklayer/contract/ipv4/Ipv4Header_m.h”

#include “inet/applications/base/ApplicationPacket_m.h”

using namespace omnetpp;

using namespace inet;

class FragmentationAttack : public cSimpleModule

{

protected:

virtual void initialize() override;

virtual void handleMessage(cMessage *msg) override;

void sendFragmentedPacket();

};

void FragmentationAttack::initialize()

{

// Schedule the first fragmented packet send event

scheduleAt(simTime() + par(“startTime”), new cMessage(“sendFragment”));

}

void FragmentationAttack::handleMessage(cMessage *msg)

{

if (msg->isSelfMessage()) {

sendFragmentedPacket();

scheduleAt(simTime() + par(“interval”), msg);  // Continuously send fragmented packets

} else {

delete msg;

}

}

void FragmentationAttack::sendFragmentedPacket()

{

// Create the original packet that will be fragmented

auto payload = makeShared<ApplicationPacket>();

payload->setChunkLength(B(1024));  // Original packet size

auto packet = new Packet(“FragmentedPacket”);

packet->insertAtBack(payload);

// Fragment the packet into smaller pieces

for (int i = 0; i < 4; i++) {

auto fragment = packet->dup();  // Duplicate the original packet

auto ipv4Header = makeShared<Ipv4Header>();

ipv4Header->setIdentification(1);  // All fragments have the same ID

ipv4Header->setFragmentOffset(i * 256);  // Set the fragment offset

ipv4Header->setMoreFragments(i < 3);  // Set more fragments flag

ipv4Header->setChunkLength(B(20));  // Set header length

fragment->insertAtFront(ipv4Header);

fragment->setName(“Fragment”);

send(fragment, “out”);

}

delete packet;  // Clean up the original packet

}

 

Define_Module(FragmentationAttack);

• This module simulates the sending of a packet in four fragments. Every fragment is sent with the identical identification number but various fragment offsets.

4. Configure the Attacker Node

• Configure the attacker node to use the fragmentation attack module in the .ini file.

Example configuration in omnetpp.ini:

*.attacker.numApps = 1

*.attacker.app[0].typename = “FragmentationAttack”

*.attacker.app[0].startTime = 1s

*.attacker.app[0].interval = 0.5s  # Interval between sending fragmented packets

• startTime determines when the fragmentation attack starts.
• interval sets the frequency at which fragmented packets are sent.

5. Configure the Server Node

• The server node should be configured to receive and process incoming traffic. It will try to reassemble the fragmented packets sent by the attacker.

Example:

*.server.numApps = 1

*.server.app[0].typename = “UdpSink”  // or another application to receive the packets

*.server.app[0].localPort = 5000

• The server is set up to receive fragmented packets and reassemble them.

6. Run the Simulation

• Compile and run the OMNeT++ simulation. The attacker node will start sending fragmented packets to the server, which will go to reassemble them.

7. Analyze the Results

• Observe the effects of the fragmentation attack using OMNeT++’s analysis tools. Emphasis on whether the server is able to properly reassemble the packets, and monitor if any concerns like packet loss, misassembly, or buffer overflows occur.
• Check for potential security issues, like the attacker sending overlapping fragments to overwrite parts of the original data.

8. Enhancements and Variations

• Overlapping Fragments: Create the overlapping fragments that can cause reassembly problems or buffer overflows by altering the fragmentation logic.
• Defensive Mechanisms: Mitigate fragmentation attacks by implementing and examining the network defenses, like intrusion detection systems (IDS) or reassembly timeouts, to mitigate fragmentation attacks.
• Different Protocols: Use various protocols (for instance: TCP instead of UDP) to simulate the fragmentation attacks to see how they manage fragmentation and reassembly.

Example Files

You might create the following files as part of the simulation:

• FragmentationAttackNetwork.ned: Describe the network topology.
• omnetpp.ini: Has configuration settings for the fragmentation attack.
• FragmentationAttack.cc: Custom C++ code for the fragmentation attack module.

This process will help you understand the basic network setup and how to implement the fragmentation attack with a sample and also checks whether it is properly works or not in the OMNeT++. If needed, we will offer another guide which uses other protocols to execute it. Our developers have successfully executed the implementation of the fragmentation attack in the OMNeT++ tool for your projects.