How to Implement firewall attack in OMNeT++

To implement the firewall attack in OMNeT++, we have to simulate a situation where the attacker tries to bypass, manipulate or overwhelm the firewall which is protecting the network. This attack can take numerous forms like Denial of Service (DoS) attacks targeting the firewall, packet crafting to bypass firewall rules, or exploiting vulnerabilities in firewall software.

Here, we offered guide on how to simulate a firewall attack in OMNeT++ using the INET framework:

Step-by-Step Implementation:

1. Set Up OMNeT++ and INET Framework

• Make sure that OMNeT++ and INET framework are properly installed. Simulate the network protocols and firewall features using modules provided by the INET framework.

2. Define the Network Topology

• Create a network topology in a .ned file as well as a client, server, router, firewall, and an attacker node. The firewall is placed amongst the router and the server to protect the server from malicious traffic.

Example:

network FirewallAttackNetwork

{

submodules:

client: StandardHost;

server: StandardHost;

router: Router;

firewall: StandardHost;

attacker: StandardHost;

connections:

client.ethg++ <–> Eth10G <–> router.ethg++;

router.ethg++ <–> Eth10G <–> firewall.ethg++;

firewall.ethg++ <–> Eth10G <–> server.ethg++;

attacker.ethg++ <–> Eth10G <–> router.ethg++;

}

• The firewall node acts as a barrier to guard the server, while the attacker tries to bypass or exploit the firewall.

3. Implement Firewall Functionality

• Based on specific rules, we have to create a custom application or use an existing module which filters the traffic to execute the basic firewall functionality using the INET framework.

Option A: Simple Firewall Using Packet Filters

• Configure the firewall to consent or block traffic based on IP addresses, ports, or protocols.

Example configuration in omnetpp.ini:

*.firewall.numApps = 1

*.firewall.app[0].typename = “PacketFilterApp”

*.firewall.app[0].rules = “allow tcp from any to 10.0.0.2/32 80; deny all”

• This configuration permits only TCP traffic to the server’s IP on port 80, blocking all other traffic.

Option B: Custom Firewall Module

• For more difficult actions, you can create a custom firewall module in C++ that examines packets and applies rules.

Example C++ code for a simple custom firewall:

#include <omnetpp.h>

#include “inet/common/packet/Packet.h”

#include “inet/networklayer/contract/IInterfaceTable.h”

#include “inet/networklayer/contract/ipv4/Ipv4Address.h”

using namespace omnetpp;

using namespace inet;

class CustomFirewall : public cSimpleModule

{

protected:

virtual void initialize() override;

virtual void handleMessage(cMessage *msg) override;

bool isPacketAllowed(Packet *packet);

};

void CustomFirewall::initialize()

{

// Initialization code here

}

void CustomFirewall::handleMessage(cMessage *msg)

{

Packet *packet = check_and_cast<Packet *>(msg);

if (isPacketAllowed(packet)) {

send(packet, “out”);

} else {

EV << “Packet dropped by firewall: ” << packet->getFullName() << “\n”;

delete packet;

}

}

bool CustomFirewall::isPacketAllowed(Packet *packet)

{

// Example rule: allow TCP traffic to port 80 on the server

auto ipv4Header = packet->peekAtFront<Ipv4Header>();

if (ipv4Header->getProtocol() == IP_PROT_TCP && ipv4Header->getDestinationAddress() == Ipv4Address(“10.0.0.2”) && ipv4Header->getDestinationPort() == 80) {

return true;

}

return false;

}

 

Define_Module(CustomFirewall);

• This custom firewall examines packets and only progressed those that match specific criteria.

4. Simulate a Firewall Attack

• The attacker node can try various tactics to bypass or overwhelm the firewall.

1. Packet Crafting to Bypass Firewall

• The attacker can craft packets that imitate legal traffic but are actually malicious.

Sample:

*.attacker.numApps = 1

*.attacker.app[0].typename = “UdpBasicApp”

*.attacker.app[0].destAddr = “server”

*.attacker.app[0].destPort = 80  // Send traffic to allowed port

*.attacker.app[0].messageLength = 1024B

*.attacker.app[0].sendInterval = 0.1s

• The attacker sends UDP packets to port 80, try to pass over the firewall.

1. Denial of Service (DoS) Attack on Firewall

• The attacker downpours the firewall with traffic, attempting to overwhelm it.

Example:

*.attacker.numApps = 1

*.attacker.app[0].typename = “UdpBasicApp”

*.attacker.app[0].destAddr = “server”

*.attacker.app[0].destPort = 5000  // Target another service or flood with random traffic

*.attacker.app[0].messageLength = 1024B

*.attacker.app[0].sendInterval = 0.01s  // High frequency to simulate a flood

• To saturate the firewall’s processing capacity,  make the attacker sends a flood of packets to the server.

5. Run the Simulation

• Compile and run the OMNeT++ simulation. The attacker node will implement the configured firewall attack, and Monitor how the firewall manages the malicious traffic.

6. Analyze the Results

• Monitor the impact of the firewall attack using the analysis tool in OMNeT++. Focus on metrics like network throughput, firewall response times, packet loss, and whether the attacker succeeds in bypassing or devastating the firewall.
• Monitor how the firewall performs under various attack situations and whether it successfully filters out malicious traffic.

7. Enhancements and Variations

• Advanced Bypassing Techniques: Mimic more refined attacks like fragmented packets or encrypted traffic, to see if they can bypass the firewall.
• Intrusion Detection Systems (IDS): Execute IDS which works in conjunction with the firewall to identify and block attacks more efficiently.
• Load Testing: Increase the intensity of the attack to see how much traffic can be managed before it begins failing by examine the firewall’s capacity.

Example Files

You might create the following files as part of the simulation:

• FirewallAttackNetwork.ned: Describes the network topology.
• omnetpp.ini: Has configuration settings for the firewall and attack simulations.
• CustomFirewall.cc: Custom C++ code for the firewall module.

Through this approach, we successfully learned how the firewall works and how implement and overwhelm them to execute the firewall attacks in the OMNeT++. We can provide any other details about the firewall and how to use it through another process. Implementation of  the firewall attack in OMNeT++ tool for your projects are carried out well by our developers.