IP Flooding

Network Security Fall 2021
Due


The goals of this lab are to:

  1. Experiment with packet construction tools
  2. Exploit a network service vulnerable to flooding-based denial-of-service

Network Watchdog

In this lab, you will be attacking a network watchdog. This watchdog is responsible for supervising a user-facing service. That service must periodically “kick” the watchdog in order to demonstrate that it is still healthy. Otherwise, the watchdog will terminate that service. Your goal is to force the watchdog to drop a kick, causing it to terminate the supervised service and thus create a denial-of-service.

The watchdog is provided in a container image in Canvas. The watchdog protocol is as follows:

\[ S \rightarrow W : \mathsf{witness\_me} \,\|\, K \,\|\, H \]

where \(K\) is an optional secret and \(H = \mathrm{SHA\text{-}512}(\mathsf{witness\_me} \,\|\, K)\), i.e., the SHA-512 digest of the string witness_me concatenated with the secret (if any). The whole payload is carried in an ICMP message with type 19 and code 0; the IP and ICMP headers themselves carry no other protocol state. A scapy-based client that sends one kick every 0.5 seconds is shown below.

import hashlib
import time

from scapy.all import ICMP, IP, send


def main():
    """Send a watchdog kick every 0.5 s over the loopback interface."""

    interface = "lo"
    watchdog_ip = "127.0.0.1"
    prefix = b"witness_me"
    secret = b""  # optional shared secret K; empty by default

    while True:
        # ICMP type 19, code 0 (scapy's default code is 0)
        kick = IP(dst=watchdog_ip) / ICMP(type=19)
        # H = SHA-512(witness_me || K)
        h = hashlib.new("sha512")
        h.update(prefix + secret)
        # payload = witness_me || K || H
        kick.add_payload(prefix + secret + h.digest())
        # send() builds and transmits one packet at a time (requires root)
        send(kick, verbose=False, iface=interface)
        time.sleep(0.5)


if __name__ == "__main__":
    main()

Develop an attack that floods the watchdog to cause a denial of service. Assume that the watchdog runs with a timeout of 1 second. Feel free to adapt the above code to build your attack. Note that:

  • Your attack should be repeatable, i.e., it works more than 90% of the time.
  • You might need to adopt a different approach than adapting the example client; in particular, the packet rate the example achieves may not be high enough.
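The following is an added example, not part of the original handout or the watchdog container: it builds the same kick message by hand with `struct` and sends it through a raw ICMP socket instead of scapy, and it includes a watchdog-side check written from the protocol description above. The function names (`kick_payload`, `build_icmp_kick`, `parse_icmp_kick`, `send_kicks_raw`) are this example's own, the validation logic is an assumption derived from the protocol and not the container's actual code, and the ICMP identifier/sequence fields are assumed to be ignored by the watchdog.

```python
import hashlib
import hmac
import socket
import struct

PREFIX = b"witness_me"
ICMP_TYPE_KICK = 19   # ICMP type used by the lab's watchdog protocol
ICMP_CODE_KICK = 0
SHA512_LEN = 64


def kick_payload(secret: bytes = b"") -> bytes:
    """witness_me || K || H, with H = SHA-512(witness_me || K)."""
    return PREFIX + secret + hashlib.sha512(PREFIX + secret).digest()


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones' complement checksum, as used by the ICMP header."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_kick(secret: bytes = b"", ident: int = 0, seq: int = 0) -> bytes:
    """Serialize one complete ICMP message (8-byte header + kick payload)."""
    payload = kick_payload(secret)
    # checksum field is zero while computing the checksum
    header = struct.pack("!BBHHH", ICMP_TYPE_KICK, ICMP_CODE_KICK, 0, ident, seq)
    csum = inet_checksum(header + payload)
    header = struct.pack("!BBHHH", ICMP_TYPE_KICK, ICMP_CODE_KICK, csum, ident, seq)
    return header + payload


def parse_icmp_kick(msg: bytes, secret: bytes = b"") -> bool:
    """Assumed watchdog-side check: True only for a well-formed, authentic kick."""
    if len(msg) < 8:
        return False
    icmp_type, code, _csum, _ident, _seq = struct.unpack("!BBHHH", msg[:8])
    if icmp_type != ICMP_TYPE_KICK or code != ICMP_CODE_KICK:
        return False
    if inet_checksum(msg) != 0:  # a valid message sums to zero under ones' complement
        return False
    payload = msg[8:]
    expected = PREFIX + secret
    if len(payload) != len(expected) + SHA512_LEN or not payload.startswith(expected):
        return False
    digest = payload[len(expected):]
    # constant-time comparison so a verifier does not leak digest prefixes via timing
    return hmac.compare_digest(digest, hashlib.sha512(expected).digest())


def send_kicks_raw(dst_ip: str, msg: bytes, count: int) -> None:
    """Send `count` copies of one pre-built ICMP message via a raw socket.

    Requires CAP_NET_RAW (root). The kernel prepends the IP header, so only the
    ICMP message is passed in; building it once and reusing the bytes avoids the
    per-packet construction cost of scapy's send().
    """
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        for _ in range(count):
            s.sendto(msg, (dst_ip, 0))


if __name__ == "__main__":
    # Example usage (assumed loopback target, as in the handout's client).
    kick = build_icmp_kick(b"")
    assert parse_icmp_kick(kick, b"")
    send_kicks_raw("127.0.0.1", kick, 1)
```

Run it once as root to confirm that the hand-built message is accepted by the watchdog before relying on it for anything else; if the container's watchdog uses a non-empty secret, pass the same bytes to both `build_icmp_kick` and `parse_icmp_kick`.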

Submission Instructions

Submit a TGZ archive to Canvas (one per group). This archive should contain a README that explains how your attack works, what obstacles you ran into, and how you dealt with those. If your group was not able to get the attack to work, explain why. Include any relevant source code in the archive.