Thursday, 30 April 2009

Some NS-2 code to simulate DoS and DDoS attacks

This is some basic TCL code that used for some simulations. This code works on the NS-2 network simulator.

Simple simulation with flow monitors. It creates 4 nodes: 1 UDP source and 1 TCP source (FTP), 1 destination node and 1 transit node. It monitors the flows coming in and out from the queue in the link between the transit and destination node. It dumps the trace data to a flow file.

Ping Flood . It creates two nodes. Node 1 floods ping packets to Node 2. It could be useful to simulate Denial of Service attacks.

Simple DoS Attack. It creates a topology of 7 nodes. Two nodes generate valid traffic (one UDP and another TCP in the form of FTP). Another node generates and UDP DoS.


Mourones said...
This comment has been removed by the author.
Mourones said...

i execute tflow01 on ubuntu terminal, but the nam didn't pop out after i exec "ns tflow01.tcl", it only generate a txt result file. is it correct?

Arturo Servin said...

From the header of the tcl file there is some info:

# usage: ns tflow01.tcl [arg]
# arg = 1|2|3|4 depending of the output required

The output is in outputs_trace.txt

Because I was using this file as input to other process it has no headers identifying the meaning of each value. You will need to check in the source tcl. For example:

if {$out_print == 3 } {
puts $file_out "acks: $acks delta: $deltaacks wind: $window avgwd: $avgwind atack: $attack_flag"

to know what is in each variable you will need to check what it is querying from NS:

#puts -nonewline $file_out "RTT1:[$tcp set rtt_],[$tcp set rttvar_] "
#puts -nonewline $file_out "ack:[$tcp set ack_],[$tcp set dupacks_] "
#puts -nonewline $file_out "wind: [$tcp set cwnd_], [$tcp set awnd_] "
#puts -nonewline $file_out "sths: [$tcp set ssthresh_] backoff: [$tcp set backoff_] "
#puts -nonewline $file_out "maxseq:[$tcp set maxseq_] "
#puts $file_out " "
#puts $file_out "time: $now RTT5: [$tcp5 set rtt_]"
#puts -nonewline $file_out "RTT1:[$tcp set rtt_],[$tcp set rttvar_] "

And about NAM, it is disabled. You will need to uncomment the line as indicated in the 'finish' procedure:

#Execute NAM on the trace file, uncomment the next line to exec NAM automatically
#exec nam out.nam &

Mourones said...
This comment has been removed by the author.
Mourones said...

Thanks Arturo, i got it.
But i have another problem on your pingflood.tcl, when i launch it in the terminal, it normally appear the Nam with two node, but when i start it, it stopped at 0.0020000 all the time. I'm not sure what problem it is, but i am using Nam 1.14 on Ubuntu 9.04.
Sorry for my poor english.
Actually i just want to create 4 nodes to test the ping flood. that mean Node 1 is server, connecting with other 3 nodes. Nodes 4 is attacker which ping flooding the server, another two nodes fail to request service from the server because Nodes 4 is exhausted all bandwidth from server. Do my concept have anything wrong? Thanks...

Mourones said...
This comment has been removed by the author.
Mourones said...

Dear Arturo,
I've ran the pingflood file and it generated a trace file. but i am not quite understand what the number meaning. something like:
+ 0.2 0 1 ping 1500 ------- 0 0.0 1.0 -1 0
- 0.2 0 1 ping 1500 ------- 0 0.0 1.0 -1 0

Would you mind to tell me what's those represent for?
Really thanks!!...

shadow_cat said...

i tried to check out the tcl script.. but my browser says forbidden!!

ankit said...

i want to download files but its error 403 can any one please repair it

Ody said...

Dear Arturo,
When i try to download the tcl files, there's the following error that occurs:
You don't have permission to access /~aservin/code/monitor_one_int.tcl on this server.

Is there some other website i can get them from?