Since using multi-hop routing necessarily involves trusting other
computers with your data, security is an issue. Developing secure
protocols is hard because there are many goals to design towards, and
it only takes one hole in a protocol for it to go from secure to
insecure. An additional element that adds difficulty is the balance
between security and usability. Imagine if everyone who wanted to use
the network needed to personally get approval from the Global Network
Security Guru. There would be a long line and lots of unhappy people,
or no one would want to use the network, even though it might be
really secure.

We will again be working with AODV in this lab. There are a number of
known attacks on AODV. We will be exploring the effects of two of
them. The first attack exploits the fact that AODV uses advertised
routes that have a cost associated with them. We can exploit this fact
and affect other users' ability to use the network by falsely
advertising route costs. We will specifically insert an attacker node
into the network that simply tells the other nodes it has the best
route to every other node in the network.

The second attack is a denial of service (DoS) attack combined with a
route poisoning attack. It again relies on the insecurity of the
sequence numbers, together with the lack of authentication of the
sources of route request messages in AODV. The attacking code sends
route requests with high sequence numbers, impersonating alternately
two nodes on the network.

The nodes are referred to as in lab 4:

Node   MAC Address          IP Address
A      AA:AA:AA:AA:AA:AA    192.168.0.1
B      BB:BB:BB:BB:BB:BB    192.168.0.2
C      CC:CC:CC:CC:CC:CC    192.168.0.3
D      DD:DD:DD:DD:DD:DD    192.168.0.4

Attack 1 Setup:
Set up the nodes as shown in the graphic above. Start the aodvd
process at each node except node B. At node B, start the malicious
AODV routing daemon. Assuming the wireless interface at node B is
wlan0, run:

    aodvd-aa -l -r 30 -i wlan0

Wait about 30 seconds for the nodes to find each other again.
Start iperf at node D with:

    iperf -s

At node A run:

    iperf -c 192.168.0.4

Attack 2 Setup:
Kill the aodvd-aa process running on node B. Then start a different
malicious AODV daemon, aodvd-dos, by entering the following at the
command line:

    aodvd-dos 192.168.0.2 192.168.0.1 192.168.0.4

The structure of this command is:

    aodvd-dos <wlan0_ip_addr> <other_node_wireless_ip_addr> <destination_ip_addr>

Try running iperf again as in attack 1. Record your results.

Analysis:
Propose methods for fixing these flaws in AODV. For each attack, how
much did traffic on the network decrease compared to that in previous
labs? Which attack was worse? Why?

Imagine a larger network with multiple paths to a given destination.
What would the effects of this attack look like in that situation?
How would the placement of the attacker node relative to a given
source and destination change the effects?
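
As a starting point for the first analysis question, the following is
an added example, not part of the original lab or of the aodvd code: a
heuristic monitor that flags implausible sequence-number jumps and
unforwarded route requests whose originator is not the transmitting
node. The record fields, the MAX_SEQ_JUMP threshold and the sample
traffic are constructed assumptions; the MAC-to-IP map is the lab's
node table.

```python
# Added example: heuristic checks over already-parsed AODV control messages.
# Record fields, threshold and sample traffic are constructed assumptions.
from collections import Counter

MAX_SEQ_JUMP = 16  # assumed bound on a plausible increase between sightings

def seq_delta(new, old):
    """Signed 32-bit difference, so sequence-number rollover compares correctly."""
    d = (new - old) & 0xFFFFFFFF
    return d - (1 << 32) if d >= (1 << 31) else d

def inspect(messages, mac_to_ip):
    """Return (alerts, per-transmitter alert counts) for a list of messages."""
    last_seq = {}   # node IP -> freshest plausible sequence number seen so far
    alerts = []
    for i, m in enumerate(messages):
        reasons = []
        # A RREQ with hop count 0 has not been forwarded yet, so the
        # transmitting MAC must belong to the claimed originator.
        if (m["type"] == "RREQ" and m["hops"] == 0
                and mac_to_ip.get(m["tx_mac"]) != m["node"]):
            reasons.append("originator does not match transmitter")
        prev = last_seq.get(m["node"])
        if prev is not None and seq_delta(m["seq"], prev) > MAX_SEQ_JUMP:
            reasons.append("sequence number jump")
        elif prev is None or seq_delta(m["seq"], prev) > 0:
            last_seq[m["node"]] = m["seq"]   # accept only plausible updates
        alerts += [(i, m["tx_mac"], r) for r in reasons]
    return alerts, Counter(mac for _, mac, _ in alerts)

MAC_TO_IP = {  # the lab's node table
    "AA:AA:AA:AA:AA:AA": "192.168.0.1",
    "BB:BB:BB:BB:BB:BB": "192.168.0.2",
    "CC:CC:CC:CC:CC:CC": "192.168.0.3",
    "DD:DD:DD:DD:DD:DD": "192.168.0.4",
}
A, B, D = "AA:AA:AA:AA:AA:AA", "BB:BB:BB:BB:BB:BB", "DD:DD:DD:DD:DD:DD"
# "node"/"seq": originator and its number for RREQ, destination's for RREP.
SAMPLE = [  # constructed traffic, not a capture from the lab
    {"type": "RREQ", "tx_mac": A, "node": "192.168.0.1", "seq": 10, "hops": 0},
    {"type": "RREP", "tx_mac": D, "node": "192.168.0.4", "seq": 7, "hops": 0},
    {"type": "RREQ", "tx_mac": B, "node": "192.168.0.1", "seq": 5000, "hops": 0},
    {"type": "RREQ", "tx_mac": B, "node": "192.168.0.4", "seq": 5000, "hops": 0},
    {"type": "RREQ", "tx_mac": A, "node": "192.168.0.1", "seq": 11, "hops": 0},
]
```

This only detects: a spoofed MAC address, or a forged message seen
before any legitimate one, defeats it, so it does not replace
authenticating route messages.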