Hi,
I have created a simple network and simulated a Red Code worm attack with values for its parameters under the guidance of this paper: "Evaluation of Attacks and Countermeasures in Large Scale Networks". But because the Worm Application creates destination addresses that don't exist in my network, and because of the small number of ticks I have set for my simulation, after the simulation there is no packet sent from my Bot to the others.
1- For a Red Code worm, should I set 256, 256, 256 and 256 for the r1, r2, r3 and r4 parameters of the worm application even if I have a small network? (If yes, how many ticks should I set for my simulation so that the worm works properly for my small network?)
2- When an end node of the network receives a worm packet, does that node send worm packets to the others too, even if it isn't a Bot node? (Does the worm spread itself?) (If no, how does this worm make the network and bandwidth busy?)
The worm application randomly selects the next IP address it will contact. So if your network is very small and the simulation duration is very short, it is likely that no other node in your network will ever be attacked. So, either increase the network size, the simulation duration or modify r1-r4, so that the randomly created addresses are closer to your network.
To simulate that a host can be exploited by the worm application, this application has to be placed on the host and "Initially Active" needs to be set to false. In case an active worm application selects a host with an inactive worm as a destination, the worm will be activated.
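Added example, not part of the original posts and not NeSSi2 code: a small Python model of the behaviour described in the reply above, showing how the size of the random address space and the number of ticks decide whether an inactive worm host is ever selected. Assumptions: r1-r4 are treated as exclusive upper bounds on four uniformly drawn octets, each active worm application picks one destination per tick, and all host addresses are constructed.

```python
import math
import random

def address_space(r):
    """Number of distinct addresses the scanner can draw (assumed: octet i in [0, r[i]))."""
    return math.prod(r)

def hit_probability(space, targets, probes):
    """Chance that at least one of `probes` uniform draws lands on one of `targets` hosts."""
    return 1.0 - (1.0 - targets / space) ** probes

def expected_ticks_to_first_hit(space, targets):
    """Mean ticks until a single active scanner first selects a susceptible host."""
    return space / targets

def simulate(r, hosts, seed_host, ticks, rng):
    """Tick-based spread: an active worm that selects a host carrying an inactive
    worm application activates it. Returns the active-host count after each tick."""
    active = {seed_host}
    history = []
    for _ in range(ticks):
        newly_activated = set()
        for _src in active:
            dst = tuple(rng.randrange(bound) for bound in r)
            if dst in hosts and dst not in active:
                newly_activated.add(dst)
        active |= newly_activated
        history.append(len(active))
    return history

if __name__ == "__main__":
    # Constructed network: 20 hosts at 10.0.0.1 .. 10.0.0.20, the first one initially active.
    hosts = {(10, 0, 0, h) for h in range(1, 21)}
    seed = (10, 0, 0, 1)
    for r in [(256, 256, 256, 256), (11, 1, 1, 21)]:
        space = address_space(r)
        history = simulate(r, hosts, seed, ticks=1000, rng=random.Random(1))
        print(f"r={r} space={space}")
        print(f"  P(first hit within 1000 ticks) = {hit_probability(space, 19, 1000):.6f}")
        print(f"  expected ticks to first hit    = {expected_ticks_to_first_hit(space, 19):.1f}")
        print(f"  active hosts after 1000 ticks  = {history[-1]} of {len(hosts)}")
```

With the full 256/256/256/256 space the model needs on the order of hundreds of millions of ticks before a 20-host network sees its first activation, while bounds that tightly enclose the constructed network reach every host within the run.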
1- So for a worm attack simulation, there must be at least one host with a worm application whose "Initially Active" parameter is set to true, and if all worm attackers have "Initially Active" set to 'false', no worm attack is done, yes?
And so I have to create two profiles for worm attackers, one with "Initially Active" set to true for active attackers and another with "Initially Active" set to false for inactive attackers, yes?
2- Can I set a zero value for the r1 - r4 parameters?
3- For some values of these parameters, for example 10, 10, 1, 40 for r1, r2, r3, r4, I receive this exception at the start of the simulation:
Observer de.dailab.nessi.beans.DeviceManagementBean@7f499c thrown an exception in notify(SpaceEvent) for event: WriteCallEvent[source=FactBase, object=[Headers: {JiacTNGSenderAddress=>msgbox:n-b49fa49e3f2/a-b4bfb4ec3ab;JiacTNGSendToAddress=>n-b49fa49e3f2/a-b4c3f07f1f9;JiacTNGProtocolID=>DefaultMessageHeader}, Payload: de.dailab.nessi.beans.messages.ExecuteTickRequest@56a086, Sender: msgbox:n-b49fa49e3f2/a-b4bfb4ec3ab]]
java.lang.NullPointerException
at de.dailab.nessi.ip.api.layer.impl.InternetLayer.routingLookup(InternetLayer.java:178)
at de.dailab.nessi.ip.api.protocols.ip.IPv4Protocol.forward(IPv4Protocol.java:252)
at de.dailab.nessi.ip.api.protocols.ip.IPv4Protocol.handleDestinationUnreachable(IPv4Protocol.java:351)
at de.dailab.nessi.ip.api.protocols.ip.IPv4Protocol.forward(IPv4Protocol.java:254)
at de.dailab.nessi.ip.api.protocols.ip.IPv4Protocol.receivePacket(IPv4Protocol.java:106)
at de.dailab.nessi.ip.api.layer.impl.InternetLayer.receive(InternetLayer.java:97)
at de.dailab.nessi.ip.api.layer.impl.LinkLayer.receive(LinkLayer.java:93)
at de.dailab.nessi.ip.handler.PacketForwardingHandler.handleInQueues(PacketForwardingHandler.java:182)
at de.dailab.nessi.ip.handler.PacketForwardingHandler.executeTick(PacketForwardingHandler.java:170)
at de.dailab.nessi.beans.DeviceManagementBean.receivedTickRequest(DeviceManagementBean.java:135)
at de.dailab.nessi.beans.DeviceManagementBean.handleMessage(DeviceManagementBean.java:88)
at de.dailab.nessi.beans.NeSSiAgentBean.notify(NeSSiAgentBean.java:93)
at org.sercho.masp.space.event.EventedSpaceWrapper$EventDispatcher.notify(EventedSpaceWrapper.java:183)
at org.sercho.masp.space.event.EventedSpaceWrapper$EventDispatcher.fire(EventedSpaceWrapper.java:146)
at org.sercho.masp.space.event.EventedSpaceWrapper$EventDispatcher.run(EventedSpaceWrapper.java:117)
Last edit: maryam 2014-07-28
In regard to 1: Yes, that is correct. At the very least you need two worm applications, one active and one inactive.
In regard to 2: Actually I am not sure, but I am also not sure what you want to achieve with this.
In regard to 3: That should not have happened. The exception is due to a missing destination IP address in the header of an IP packet. I am not sure why such a header was created. This is something we have to take a closer look at; I guess there is a problem with the error handling for creating IP packets with invalid IP addresses.
I attached my network. For easier analysis, I've removed the Profiles that I set for all Bot nodes except 'Bot56' of 'subnet28'.
Thanks
I'm experiencing a very similar thing, any news on this issue?