ASSIGNMENT 1: NETWORK LAYER ATTACKS

Submitted by: - Megha Tyagi

Roll No: - 1/14/FET/BEC/1/012
WORMHOLE ATTACK
The colluding nodes creates an illusion that two geographically separated
(remote) nodes are directly connected and appears that the nodes as neighbours.
But actually, they are distinct from each other. The aim of the wormhole attack is
to create the man in the middle attack and dropping the packets. The malicious
node receives data packets at one node and tunnels them to another malicious
node. The tunnel is created either using a wired link or by having a long range
high bandwidth wireless link operating at a different frequency band. This type
of attack prevents the discovery of any actual routes. the malicious node connects
two distinct points in the space via the shortcut route. It will disrupt the routing
by short circuiting the network. This wormhole link becomes the lowest cost of
path to the destination. Therefore, these nodes are included for the transmission
to the destination.

BLACKHOLE ATTACK
➢ MANET uses a reactive routing protocol such as Ad hoc on demand
Distance Vector (AODV), Dynamic Source Routing (DSR), and Secure
Aware routing (SAR) for the routing of the data packets.
➢ When the AODV routing protocol is used to discover the routes, it works
based on two types packets such as Route request (RREQ) packet and
Route reply (RREP) packet. The source node sends the RREQ packets to
all other nodes to find the shortest route between the source and the
destination in the network.
➢ The malicious node receives the RREQ packet and claim that it is having
the shortest route or optimum path to the node it wanted to actually transmit
(destination). The malicious node sends the response by using the RREP
packet that is having the shortest and fresh route for the destination from
the source. It is the fake RREP with extremely short route.
➢ Upon sending the fake RREP packet to the source node, the malicious
node can able to place itself in the communicating network. It means that
the transmitting packets are should be passed only by this malicious node
only.
 ➢ After sending the RREP packet, the malicious node receives the data
packets from the source and does not forwards to the neighbour nodes or
simply drops the packets that they received without sending to the
destination node.

BYZANTINE ATTACK
Attacks where adversaries have full control of a number of authenticated devices
and behave arbitrarily to disrupt the network are referred to as Byzantine attacks.
Once the active set of insider nodes in the network are turned to be malicious by
the attackers then the whole network will be under the control of adversaries and
further secured data transmission is not possible. This is very crucial in case of
mobile devices used in military fields and medical fields for transferring patient
reports and medical advises. A byzantine adversary can prevent the route
establishment by dropping the route request or response packets, modify the route
selection metrics such as packet ids, hop counts, drops packets selectively, creates
routing loops, forwards the packets through non-optimal paths for time and
bandwidth consuming purpose and so on. Are the attacks in which a single node
or a set of nodes works together to create loops, forwards packets through non-
optimal paths or selectively drops the packets which results in disruption or
degradation of the routing services and network performance.

INFORMATION DISCLOSURE ATTACK

Information disclosure is when an application fails to properly protect sensitive

information from parties that are not supposed to have access to such information
in normal circumstances. These type of issues are not exploitable in most cases,
but are considered as web application security issues because they allows
attackers to gather information which can be used later in the attack lifecycle, in
order to achieve more than they could if they didn’t get access to such
information.

Information disclosure issues can range in the criticality of the information

leaked, from disclosing details about the server environment to the leakage of
administrative accounts credentials or API secret keys, which may have
devastating outcomes on the vulnerable web application.
RESOURCE CONSUMPTION ATTACK
Resource Consumption attack (RCA) is against on demand routing protocol. It is
the one of DOS attack, in which attacker exploits the route discovery process13-
16. During the route discovery process when the source node sends the RREQ
packet, then attacker node kept this packet with a different ID, in order to modify
the processing ID of each node continuously and consume its limited energy of
resource, memory and bandwidth. The main purpose of RCA is to consume the
energy of legitimate nodes and to find the available link throughout.
RCA is one of the Denial of Service attacks (DoS) in which the attacker keeps
broadcasting Route Request (RREQ) packets in order to degrade the network
overall performance. Specifically, this paper examined how differing the number
of attackers and their positions could affect MANET packet delivery ratio and
delay jitter. The paper results open the door for suggesting an intrusion detection
system in order to mitigate and prevent RCA terrible effects on MANET.

ROUTING ATTACKS
1. Denial of Service attacks: – The DoS attack is done by the attacker who has
the motive of flooding request to the router or other devices affecting the
availability. Sending more number of ICMP packets from multiple sources
makes the router unable to process traffic. If the router is unable to process
traffic it is unable to provide services in the network and the whole network
goes down affecting daily activity of organization.

2. Packet Mistreating Attacks: – In this type of attack after the router is injected
with malicious codes the router simply mistreats the packets. Router cannot
handle its own routing process and starts mishandling the packet. The
malicious router is unable to process the packets properly and creates loops,
denial-of-service, and congestion and so on in the network. This type of attack
is very difficult to find and debug.

3. Routing table poisoning: – Routers use routing table to send packets in the
network. The router moves the packets by looking into the routing table. The
routing table is formed by exchanging routing information between routers.
Routing table poisoning means the unwanted or malicious change in routing
table of the router. This is done by editing the routing information update
packets which are advertised by routers. This attack can cause severe damage
in the network by entering wrong routing table entries in the routing table.
4. Hit-and-Run Attacks: – This attack is also called test attack where the
attacker injects malicious packets into the router and sees if the network is
online and functioning or not. If yes, the attacker sends further more malicious
packets to harm the router. This attack can cause router to do unusual activities
that depends upon the code injected by the attacker. This type of attack is hard
to identify and can cause severe damage to the router’s work.

5. Persistent Attacks: – Unlike hit and run attack in this attack the attacker
repeatedly injects malicious packets into the router causing the router to
exploit vulnerabilities. This attack is very severe in nature and can cause heavy
damage. The router can stop functioning from continuous malicious packet
injection. This type of attack is easier to detect compared to another router
attack.