1 Network Packet Generator Midway presentation Supervisor: Mony Orbach Presenting: Eugeney Ryzhyk, Igor Brevdo


Network Packet Generator

Midway presentation

Supervisor: Mony Orbach

Presenting: Eugeney Ryzhyk, Igor Brevdo


Reminder: Project goals

Building a network packet generator (using the ML310 board with a Virtex-II Pro chip and Linux OS as the platform).

Allowing customization and fine-tuning of the various packet generation parameters at different network stack layers (Ethernet frame, IP packet, TCP/UDP packet).


What do we have:

basic packet generator

- compiled in MontaVista environment
- loadable as module in 2.4 Linux kernel
- runs on ML310 board and can send configurable packets via LAN
- these packets are caught by sniffer software (ethereal) running on target PC


Packet generator is loaded as module into the kernel (MontaVista on ML310):


Packet generator as char device accessible via ioctl() system call:


Using the packet generator to send a test packet (ICMP) to the PC host


Packets sent by the packet generator are properly identified as ICMP (ping) packets by the ethereal sniffer software:


Our goals for the next 2-3 months

- building environment for remote User Interface of packet generator.

- allowing flexibility in configuring the packet features (number of packets, delay between packets, destination IP and source IP configuration)

- building traffic patterns for some known DoS attacks:

1. SYN attack
2. Smurf attack
3. Ping-of-Death

These will be available as shortcuts from the UI menu.


Review of known DoS attacks:

SYN Attack - An attacker sends a series of SYN requests to a target (victim), using a fake source address. The target answers each one with a SYN-ACK and waits for an ACK to come back to complete the session setup. Because the source address was fake, the response never comes, and the pending sessions fill the victim's memory buffers so that it can no longer accept legitimate session requests.

Smurf Attack - A perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, using a fake source address. The hosts that receive the broadcast all reply to that source address, which is flooded with simultaneous replies.

Ping of Death - An attacker sends illegitimate, oversized ICMP (ping) packets. These attacks are targeted at specific TCP/IP stacks that cannot handle this type of packet, and they overload the victim's servers.
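
The three patterns reviewed above, seen from the receiving side: an added example (not part of the original presentation) that flags them in sniffer-style packet records. The record fields, the `pkt` and `detect` helpers and the SYN threshold are assumptions made for illustration, and the sample records are constructed.

```python
import ipaddress
from collections import Counter

MAX_IP_DATAGRAM = 65535  # largest total length an IPv4 datagram can have
IP_HEADER_LEN = 20       # assumption: header without IP options

def pkt(proto, src, dst, **fields):
    return dict(proto=proto, src=src, dst=dst, **fields)

# Constructed sniffer records using documentation address ranges, not real traffic.
SAMPLE = [pkt("tcp", f"198.51.100.{i}", "192.0.2.10", sport=1024 + i, dport=80,
              flags="S") for i in range(1, 5)] + [  # four SYNs, never ACKed
    pkt("tcp", "203.0.113.5", "192.0.2.10", sport=40000, dport=80, flags="S"),
    pkt("tcp", "192.0.2.10", "203.0.113.5", sport=80, dport=40000, flags="SA"),
    pkt("tcp", "203.0.113.5", "192.0.2.10", sport=40000, dport=80, flags="A"),
    pkt("icmp", "203.0.113.5", "192.0.2.10", icmp_type=8, payload_len=56),
    pkt("icmp", "192.0.2.50", "192.0.2.255", icmp_type=8, payload_len=56),
    pkt("icmp", "203.0.113.9", "192.0.2.20", frag_offset=65528, payload_len=400),
]

def detect(packets, local_nets, syn_threshold=3):
    """Return sorted (alert, subject) pairs for the three reviewed patterns."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    half_open = set()  # connections that sent a SYN but no final ACK yet
    alerts = set()
    for p in packets:
        if p["proto"] == "tcp":
            conn = (p["src"], p["sport"], p["dst"], p["dport"])
            if p["flags"] == "S":
                half_open.add(conn)
            elif p["flags"] == "A":
                half_open.discard(conn)  # client completed the handshake
        elif p["proto"] == "icmp":
            dst = ipaddress.ip_address(p["dst"])
            if p.get("icmp_type") == 8 and any(dst == n.broadcast_address for n in nets):
                alerts.add(("smurf", p["src"]))  # claimed source receives the replies
            end = IP_HEADER_LEN + p.get("frag_offset", 0) + p["payload_len"]
            if end > MAX_IP_DATAGRAM:  # reassembled datagram would exceed the maximum
                alerts.add(("ping-of-death", p["dst"]))
    pending = Counter((dst, dport) for _, _, dst, dport in half_open)
    alerts.update(("syn-flood", f"{d}:{port}")
                  for (d, port), n in pending.items() if n >= syn_threshold)
    return sorted(alerts)

if __name__ == "__main__":
    print(detect(SAMPLE, ["192.0.2.0/24"]))
```

The completed handshake from 203.0.113.5 and the ordinary 56-byte echo request raise no alert; only the unanswered SYNs, the echo to the subnet broadcast address and the fragment ending past 65535 bytes do.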