.

4 Attacks at network layer

Network layer is attacked by variety of attacks. By attacking the network protocol,
the attacker knows the traffic pattern, enter into the routing path between the source
and destination and can control the network traffic flow.

1) Routing discovery attack:
Routing attacks target the route discovery or maintenance phase by not following
the rules of routing protocols. Routing message flooding attacks such as, hello flooding
attacks, acknowledgement flooding attacks, routing table overflow and RREQ flooding
are targeting the routing discovery phase.

2) Routing Maintenance attack:
Route maintenance phase is attacked by sending false control messages, such
as link broken error message. It causes route repairing or invocation of the costly
maintenance of route. For example, AODV and DSR implement path maintenance
procedures to recover broken paths. If the destination node or an intermediate node
along an active path moves, the upstream node of the broken link broadcasts a route
error message to all active upstream neighbors. The node also invalidates the route for
this destination in its routing table. Attackers could take advantage of this mechanism to
launch attacks by sending false route error messages.

3) Data forwarding attacks
Some attacks target the data forwarding phase. A malicious node participates in
the route discovery and maintenance phase but refuse to forward the packets. Instead
of forwarding the packets it simply drop the packet, modifying the contents or flood data
packets. They can also delay forwarding the time sensitive packets.

4) Other advanced attacks
i) Black hole Attack
In black hole attack, a malicious node uses its routing protocol in order to
advertise itself for having the shortest path to the destination node or to the packet it
wants to intercept. This hostile node advertises its availability of fresh routes
irrespective of checking its routing table. In this way attacker node will always have the
availability in replying to the route request and thus intercept the data packet and retain
it.
ii) Wormhole attack
In this attack, attacker uses private tunnel to forward the data. The tunnel
between to attackers is referred as wormhole. In this it records packets at one location
and forward them using tunnel to another location. Network is disrupted by tunneling the
control messages. If it is used in routing protocols such as DSR or AODV, it prevent
route discovery other than through the wormhole.

iii) Byzantine attack
A compromised node or a group of compromised nodes working together and
carry out attacks to disrupt the routing services. The attacks may include create routing
loops or selectively dropping packets.

iv) Rushing attack
This attack is proposed by Hu et al. In route discovery, RREQ forwarded by
attacker is first reach the neighbor of target. The routes obtained by this RREQ include
the attacker. The attacker can quickly forward the RREQ than the legitimate user and
this attacker is included in all the discovered routes.