Packet-Dropping Attack
Qijun Gu
Department of Computer Science, Texas State University-San Marcos, San Marcos, Texas, USA
Related Concepts
Node Compromises; Secure Routing
Definition
A packet-dropping attack is a type of denial-of-service (DoS) attack in which packets are dropped so that the source and the destination perceive a disconnection or a degradation of path quality.
Background
In an ad hoc network, nodes form the network collaboratively without using any infrastructure. Different from the Internet, ad hoc nodes are both end hosts and routers. In order to deliver packets, they must ask other nodes to forward packets in the network. Such cooperation is critical to the aliveness of the network. However, since nodes cannot be assumed trustworthy in ad hoc networks, a malicious or a compromised node residing on a path can drop packets forwarded along that path. Such malicious actions disrupt normal packet forwarding and may further cause denial of service (DoS) or change the network-routing topology.
Theory
Packet-dropping attacks can target various kinds of packets at or above the network layer. They require the attacking nodes to be on the paths. Attackers can also use different dropping strategies to cause different consequences.
At the network layer, an attacker can drop routing packets, data packets, or other network management packets (such as Internet control message protocol (ICMP) packets). If routing packets are dropped, the valid paths contained in the dropped packets will not be used. Although attackers will be excluded from the paths by dropping routing packets, they can isolate a part of the network or partition the network. If attackers on a path drop data packets, the source and the destination of the path will perceive packet loss on the path and thus redo the route discovery. Similarly, dropping network management packets will disrupt network management. For instance, the ICMP host unreachable packet is used in the ad hoc on-demand distance vector (AODV) routing protocol to indicate that a destination address is not assigned to any node in a subnetwork. Dropping this packet deceives the upstream routing nodes and the source into believing that the unassigned address is assigned in the subnetwork.
At the transport layer, especially for the transmission control protocol (TCP), attackers can drop TCP control packets or data packets. Three attack objectives can be achieved. The first is that new TCP connections cannot be established if the synchronize (SYN) and acknowledge (ACK) packets used to establish the connections are dropped. The second is that current TCP connections can be disconnected or slowed if data packets are dropped. Dropping data packets naturally triggers the congestion control mechanism of TCP, which asks for retransmission of lost packets, falls back to the slow-start phase, or disconnects failed connections. The third is to consume the resources of end hosts. For instance, reset (RST) and finish (FIN) packets are used to finish a TCP connection. Dropping them makes end hosts keep a closed TCP connection in the open state.
Attackers can use different strategies to drop packets. In the black hole attack, attackers simply drop all packets. Attackers can also manipulate routing protocols, for instance by sending forged routing packets, such that all packets are routed to a destination with an invalid address. The packets will then be discarded.
The other dropping strategy is the gray hole attack, in which attackers drop packets selectively. This strategy is further divided into selected-type packet dropping, periodic packet dropping, random packet dropping, and retransmission packet dropping. In selected-type packet dropping, an attacker drops some types of packets but not others. For example, the attacker only drops data packets but forwards routing packets. As a consequence, end hosts will be able to discover routes but cannot use them. In periodic packet dropping, an attacker drops m packets in every n seconds. When the period is close to the retransmission timeout (RTO) period, the throughput under attack can be reduced to zero [ , ]. The third strategy is random packet dropping, in which an attacker tosses a coin to decide whether or not to drop a packet. Such dropping reduces the throughput of the connections on the path, because the dropped packets will be retransmitted and the transmission window size will be reduced. The strategy of retransmission packet dropping results in large connection delays and disconnections. Because the back-off time of a TCP connection increases exponentially as retransmissions fail, dropping retransmission packets causes larger back-off times more readily than the other dropping strategies [ ].
Henk C.A. van Tilborg & Sushil Jajodia (eds.), Encyclopedia of Cryptography and Security, DOI ./----,
© Springer Science+Business Media, LLC
Generally, defense against packet-dropping attacks utilizes packet delivery mechanisms that use multiple paths and intrusion detection schemes that detect misbehaving nodes. Since multiple paths can be established between a pair of source and destination nodes in an ad hoc network, packets can be delivered over these paths. As long as attackers cannot take control of all these paths, packets can be delivered via at least one of them. Based on this principle, the secure message transmission protocol (SMT) was developed [ ]. With SMT, the source and the destination nodes make use of a set of diverse, preferably disjoint, paths that are initially deemed valid. The source uses a route discovery protocol to identify these paths and keeps them in an active path set. The source then disperses each outgoing message into a number of pieces. This operation introduces redundancy in the coding of the outgoing messages. The destination can reconstruct the dispersed message after receiving a sufficient number of pieces. Each piece is transmitted across a different route and carries a message authentication code, so that the destination can verify its integrity and the authenticity of its origin.
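The dispersal-and-reconstruction step of SMT, as an added example written for this entry rather than SMT's own code: the source splits each message into k data pieces plus one XOR parity piece (a deliberately simple stand-in for the information-dispersal coding SMT uses), tags every piece with an HMAC under an assumed shared key, and sends one piece per path of the active path set; the destination discards any piece that fails the MAC check and reconstructs the message from any k authentic pieces. The key, the path behaviour labels and all function names are assumptions made for the example.

```python
import hmac
import hashlib
import struct
from typing import Dict, List, Optional

# Constructed shared key standing in for the security association SMT assumes
# between source and destination (hypothetical value, not from the entry).
KEY = b"example-source-destination-key"
MAC_LEN = 32  # HMAC-SHA256 tag length


def _mac(index: int, n: int, payload: bytes) -> bytes:
    """Per-piece message authentication code over piece index, piece count and payload."""
    return hmac.new(KEY, bytes([index, n]) + payload, hashlib.sha256).digest()


def disperse(message: bytes, k: int) -> List[bytes]:
    """Disperse a message into n = k + 1 pieces: k data pieces plus one XOR parity
    piece, so that any k of the n pieces suffice to reconstruct it.
    Piece layout: index (1 byte) | n (1 byte) | payload | HMAC tag (32 bytes)."""
    if not 1 <= k <= 254:
        raise ValueError("k must be between 1 and 254")
    framed = struct.pack(">I", len(message)) + message   # length prefix for unpadding
    framed += b"\0" * (-len(framed) % k)                  # pad to k equal slices
    size = len(framed) // k
    data = [framed[i * size:(i + 1) * size] for i in range(k)]
    parity = bytes(size)
    for piece in data:
        parity = bytes(a ^ b for a, b in zip(parity, piece))
    n = k + 1
    return [bytes([i, n]) + p + _mac(i, n, p) for i, p in enumerate(data + [parity])]


def reconstruct(received: List[bytes]) -> Optional[bytes]:
    """Verify every received piece and rebuild the message if at least k authentic
    pieces arrived; returns None when too many pieces were dropped or forged."""
    valid: Dict[int, bytes] = {}
    n = None
    for piece in received:
        if len(piece) < 2 + MAC_LEN:
            continue                                     # truncated: ignore
        index, count = piece[0], piece[1]
        payload, tag = piece[2:-MAC_LEN], piece[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(index, count, payload)):
            continue                                     # forged or corrupted: discard
        if n is None:
            n = count
        if count == n:
            valid[index] = payload
    if n is None:
        return None
    k = n - 1
    data = [valid.get(i) for i in range(k)]
    missing = [i for i, d in enumerate(data) if d is None]
    if len(missing) == 1 and k in valid:
        # Recover the single lost data piece: parity XOR all surviving data pieces.
        recovered = valid[k]
        for d in data:
            if d is not None:
                recovered = bytes(a ^ b for a, b in zip(recovered, d))
        data[missing[0]] = recovered
    elif missing:
        return None
    framed = b"".join(data)
    (length,) = struct.unpack(">I", framed[:4])
    return framed[4:4 + length]


def transmit(pieces: List[bytes], path_behaviour: List[str]) -> List[bytes]:
    """Send piece i over path i of the active path set. Behaviours are constructed
    labels: 'forward', 'drop' (a black hole on that path) or 'tamper' (a node that
    modifies the piece, which the MAC check at the destination catches)."""
    delivered = []
    for piece, behaviour in zip(pieces, path_behaviour):
        if behaviour == "forward":
            delivered.append(piece)
        elif behaviour == "tamper":
            delivered.append(piece[:2] + bytes([piece[2] ^ 0xFF]) + piece[3:])
    return delivered


def demo() -> Optional[bytes]:
    """Three data pieces plus parity over four paths, one of which is a black hole."""
    pieces = disperse(b"data packet sent via the active path set", k=3)
    return reconstruct(transmit(pieces, ["forward", "drop", "forward", "forward"]))


if __name__ == "__main__":
    print(demo())
```

With one black hole or one tampering node among the four paths the message still arrives; a second lost or forged piece exceeds the redundancy of this k-of-k+1 code and reconstruct reports failure rather than returning a corrupted message, which is the point at which SMT would re-rate the paths in its active set.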
Since attackers drop packets that they are supposed to forward, such misbehavior most likely differs from normal packet loss. Their neighboring nodes may be able to observe this kind of malicious activity in ad hoc networks. The intrusion detection system (IDS) Confidant [ ] was proposed to detect whether a node is cooperating in packet delivery. The IDS agent consists of four components and is implemented in each node. The first is the monitor, with which a node listens to the transmissions of the next node on a path. The second is the trust manager, which sends out alarm messages to warn others of malicious nodes. The third is the reputation system, with which a node rates other nodes locally based on its observations and exchanges the ratings to compute the reputation of other nodes. The last is the path manager, which selects and re-selects paths to exclude attackers. For each packet a node forwards, the monitor checks whether the next-hop node also forwards the packet correctly. When the monitor detects an anomaly, it triggers the reputation system to downgrade the reputation of the suspicious node. When the reputation of the suspicious node drops below a threshold, the path manager chooses a path that avoids the suspicious node, and the trust manager alerts other nodes.
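As an added example covering both the gray hole dropping strategies described earlier and the Confidant-style monitoring in this paragraph (written for this entry; it is neither the entry's own code nor the Confidant implementation): a simulated next-hop node follows one of the constructed dropping strategies, while an upstream watchdog records whether each packet it handed over was overheard being retransmitted, computes a sliding-window drop rate, excludes a node whose rate exceeds the level expected from normal loss, raises an alarm for other nodes, and re-selects a path. The node names, the 50-packet window, the 15% threshold, the 1% normal loss and the traffic mix are all assumptions made for the example.

```python
import random
from collections import defaultdict, deque
from typing import Deque, Dict, List, Optional, Set


class Forwarder:
    """Simulated next-hop node. The strategy labels are constructed for this example:
    'honest' (only normal channel loss), 'black_hole', 'selected_type' (drops data,
    forwards routing packets), 'periodic' (drops m of every n packets) and
    'random' (drops each packet with probability p; a coin toss when p = 0.5)."""

    def __init__(self, name: str, strategy: str = "honest", m: int = 0, n: int = 1,
                 p: float = 0.5, normal_loss: float = 0.01, seed: int = 0):
        self.name, self.strategy, self.m, self.n, self.p = name, strategy, m, n, p
        self.normal_loss = normal_loss
        self.rng = random.Random(seed)          # seeded so runs are reproducible
        self.seen = 0

    def forwards(self, pkt_type: str) -> bool:
        """True if the node retransmits the packet it was asked to forward."""
        self.seen += 1
        if self.rng.random() < self.normal_loss:
            return False                        # loss that even an honest node suffers
        if self.strategy == "black_hole":
            return False
        if self.strategy == "selected_type":
            return pkt_type != "data"
        if self.strategy == "periodic":
            return (self.seen - 1) % self.n >= self.m
        if self.strategy == "random":
            return self.rng.random() >= self.p
        return True


class Watchdog:
    """Monitor, reputation system, trust manager and path manager of one upstream
    node: a simplified sketch of the four Confidant components, not its code."""

    def __init__(self, window: int = 50, max_drop_rate: float = 0.15):
        self.window = window
        self.max_drop_rate = max_drop_rate      # tolerated level of normal loss
        self.history: Dict[str, Deque[int]] = defaultdict(lambda: deque(maxlen=window))
        self.excluded: Set[str] = set()
        self.alarms: List[str] = []

    def observe(self, node: str, overheard: bool) -> None:
        """Monitor: record whether the next hop was overheard forwarding the packet."""
        self.history[node].append(0 if overheard else 1)
        rate = self.drop_rate(node)
        if rate is not None and rate > self.max_drop_rate and node not in self.excluded:
            self.excluded.add(node)                                        # reputation system
            self.alarms.append(f"ALARM node={node} drop_rate={rate:.2f}")  # trust manager

    def drop_rate(self, node: str) -> Optional[float]:
        """Fraction of dropped packets over the last `window` observations (None until full)."""
        h = self.history[node]
        return None if len(h) < self.window else sum(h) / len(h)

    def choose_path(self, candidates: List[List[str]]) -> Optional[List[str]]:
        """Path manager: first candidate path that contains no excluded node."""
        for path in candidates:
            if not self.excluded.intersection(path):
                return path
        return None


def run(forwarder: Forwarder, packets: int = 200,
        watchdog: Optional[Watchdog] = None) -> Watchdog:
    """Push a constructed traffic mix (one routing packet per four data packets)
    through the forwarder while the watchdog overhears it."""
    wd = Watchdog() if watchdog is None else watchdog
    for i in range(packets):
        pkt_type = "routing" if i % 5 == 0 else "data"
        wd.observe(forwarder.name, forwarder.forwards(pkt_type))
    return wd


def demo():
    """Two candidate paths through B and C; B is a periodic dropper, C is honest."""
    wd = Watchdog()
    run(Forwarder("B", "periodic", m=1, n=4), watchdog=wd)
    run(Forwarder("C", seed=1), watchdog=wd)
    return wd.choose_path([["A", "B", "D"], ["A", "C", "D"]]), wd.alarms


if __name__ == "__main__":
    print(demo())
```

The sliding window is what separates misbehavior from ordinary loss: an honest node at 1% loss never approaches the 15% threshold, while even the mildest gray hole modelled here (one packet in four) is excluded as soon as the first full window is observed, after which the path manager routes around it and the alarm is available for the trust manager to send.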