5G Network Security Threat: Performing a DDOS Attack with UERANSIM
Summary
TL;DR: This video tutorial demonstrates how to use UERANSIM to simulate a DDoS attack on an Open5GS core network. It explains two potential attack vectors: disrupting the control plane with a signaling storm or choking the user plane after authentication. The presenter uses a single VM setup to illustrate the attack on the control plane, showing how to generate traffic to overwhelm the system, resulting in service disruption. The video concludes with a reminder of the importance of DDoS mitigation strategies in network development.
Takeaways
- 🚩 The video discusses using UERANSIM to create a DDoS attack on a 5G core network.
- 📚 It explains two main ways to disrupt a 5G core network: attacking the control plane or choking the user plane.
- 🔐 To attack the user plane, an attacker must first be authenticated with the network.
- 📊 The video uses a diagram to illustrate how a DDoS attack can be implemented.
- 💻 Due to time constraints, a single VM setup is used, which limits the ability to use ping for data traffic.
- 📈 The presenter shows how to create a signaling storm by sending a large number of signaling messages.
- 🔄 The script demonstrates spinning up multiple instances of UEs to simulate a DDoS attack.
- 📉 The video highlights the impact of the attack on system resources, such as memory and CPU usage.
- 🚨 It warns that such attacks can cause network components like the gNodeB to fail.
- 🛡️ The presenter emphasizes the importance of having DDoS mitigation capabilities for networks exposed to such attacks.
Q & A
What is the main topic of the video?
- The video discusses how to use UERANSIM to create a DDoS attack, focusing on the technical aspects and potential scenarios.
What is UERANSIM?
- UERANSIM is a tool that can be used to simulate user equipment (UE) in a 5G network, which the video uses to demonstrate how DDoS attacks can be conducted.
Why does the presenter use a single VM setup for the demonstration?
- The presenter uses a single VM setup due to time constraints, but notes that it limits the ability to use ping for data traffic.
What are the two components of an Open5GS core network mentioned in the video?
- The two components are the control plane, which handles signaling, and the user plane, which handles user data or UE traffic.
How can an attacker disrupt a 5G core network?
- An attacker can disrupt a 5G core network by either creating a packet storm to overwhelm the control plane or by choking the user plane after authenticating with the network.
What is a signaling storm in the context of the video?
- A signaling storm is a type of DDoS attack where a large number of signaling messages are sent to the network, overwhelming its ability to process signals.
What does the presenter mean by 'disruption of the user plane'?
- Disruption of the user plane refers to flooding the network with data traffic after authentication, which can overwhelm the network's capacity to handle user data.
How does the presenter demonstrate the creation of a signaling storm?
- The presenter demonstrates creating a signaling storm by using UERANSIM to connect multiple UE instances to the network, causing a high volume of signaling traffic.
What is the impact of reducing the VM's memory and CPU on the demonstration?
- Reducing the VM's memory and CPU shows the limitations of the system when it has reduced capabilities, making it easier to demonstrate the effects of a DDoS attack on the network.
What is the presenter's advice for developers regarding network security?
- The presenter advises developers to implement DDoS mitigation capabilities when creating networks that could be exposed to such attacks.
How does the presenter show the effects of a DDoS attack on the gNodeB?
- The presenter shows the effects by simulating a large number of UE connections, causing the gNodeB to fail due to high CPU usage and memory consumption.
Outlines
📡 Introduction to DDoS Attacks Using UERANSIM
The speaker begins by welcoming viewers to the video and introduces the topic of using UERANSIM to create a Distributed Denial of Service (DDoS) attack. The video aims to explain the concept based on a comment received, focusing on how such an attack can be executed. A diagram is mentioned as a tool to illustrate the process. The speaker clarifies that due to time constraints, they are using a single Virtual Machine (VM) setup, which limits the use of ping for data traffic. The video will demonstrate how to implement a scenario for a DDoS attack on an Open5GS core network, explaining the components of the network and the two potential targets for disruption: the control plane and the user plane. The speaker outlines two methods of attack: disrupting the control plane with a packet storm or choking the user plane after authentication. The video will show how to create a signaling storm, which is a type of DDoS attack, and how to use the same UE (User Equipment) for multiple connections after authentication to disrupt the network.
🔁 Demonstrating DDoS Attack Simulation
In this segment, the speaker demonstrates how to use UERANSIM to spin up multiple UE instances to simulate a DDoS attack. The speaker shows the configuration of IMSI 1 through IMSI 10 and how using the '-n' parameter can start multiple instances. The memory usage is monitored, and the speaker then reduces the VM's memory to 1GB and CPU to 1 to illustrate system limitations under stress. The speaker initiates a loop in a shell script to repeatedly attempt connections, which increases memory and CPU usage dramatically, eventually causing the gNodeB to fail. The speaker emphasizes the importance of having DDoS mitigation capabilities when developing networks that could be exposed to such attacks. The demonstration shows how resource constraints can lead to system failure under a simulated DDoS attack.
🛡️ Importance of DDoS Mitigation in Network Development
The final paragraph summarizes the demonstration and its implications. The speaker notes that instead of taking down the AMF (Access and Mobility Management Function), the attack focused on disrupting the gNodeB. They highlight that similar techniques could be used to disrupt other network components like AMF or UPF (User Plane Function). The speaker advises that when developing networks, especially those exposed to potential DDoS attacks, it's crucial to have mitigation strategies in place. The video concludes with a call to action for viewers to like the video if they found it helpful and signals the end of the presentation.
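As a defender-side illustration of the mitigation point above, the following added example (not from the video or from the Open5GS or UERANSIM projects) flags a signaling storm by counting registration requests per gNodeB in a sliding window. The log format, the gNodeB names and the thresholds are constructed assumptions, not the real AMF log layout.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FMT = "%Y-%m-%dT%H:%M:%S.%f"

def make_sample():
    """Constructed log lines in a simplified, hypothetical key=value format
    (not the real Open5GS AMF log format)."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    rows = []
    for i in range(6):    # normal cell: one registration every 5 s
        rows.append((base + timedelta(seconds=5 * i), "gnb-normal", i))
    for i in range(40):   # storm: 40 registrations, 50 ms apart
        rows.append((base + timedelta(seconds=10, milliseconds=50 * i),
                     "gnb-storm", 100 + i))
    rows.sort()
    return [f"{t.strftime(FMT)} gnb={g} imsi=imsi-{n:015d} msg=RegistrationRequest"
            for t, g, n in rows]

def detect_storms(lines, window_s=5, threshold=20):
    """Return {gnb: (peak registrations in any window, distinct IMSIs at that
    peak)} for every gNB whose sliding-window count exceeds `threshold`."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)        # gnb -> deque of (timestamp, imsi)
    alerts = {}
    for line in lines:
        ts_str, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        if kv.get("msg") != "RegistrationRequest":
            continue
        ts = datetime.strptime(ts_str, FMT)
        q = recent[kv["gnb"]]
        q.append((ts, kv["imsi"]))
        while ts - q[0][0] > window:   # drop entries older than the window
            q.popleft()
        if len(q) > threshold and len(q) > alerts.get(kv["gnb"], (0, 0))[0]:
            alerts[kv["gnb"]] = (len(q), len({imsi for _, imsi in q}))
    return alerts

if __name__ == "__main__":
    for gnb, (peak, imsis) in detect_storms(make_sample()).items():
        print(f"ALERT {gnb}: {peak} registrations from {imsis} IMSIs within 5 s")
```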
Keywords
💡DDoS attack
💡UERANSIM
💡5G core network
💡Control plane
💡User plane
💡Signaling storm
💡UE (User Equipment)
💡AMF (Access and Mobility Management Function)
💡Multi-VM setup
💡IMSI (International Mobile Subscriber Identity)
💡CPU usage
Highlights
Introduction to using UERANSIM to create a DDoS attack
Explanation of the scenario for performing a DDoS attack
Limitation of using a single VM setup for DDoS attack simulation
Components of an Open5GS core network and their functions
Two ways to disrupt a 5G core network: control plane and user plane
Creating a signaling storm to disrupt the control plane
Authentication required to disrupt the user plane
Using UE to create multiple connections to disrupt the user plane
Single VM setup limitations for internet communication
Demonstration of connecting multiple UEs to the network
Impact of memory and CPU usage on the system's capability
Creating a loop to continuously connect UEs
Simulation of a DDoS attack causing the gNodeB to fail
Potential to disrupt AMF, UPF, or PFCP with similar methods
Importance of having DDoS mitigation capabilities in networks
Conclusion and call to action for viewer engagement
Transcripts
hey everyone welcome to this video
so in this video I am going to talk
about how you can use UERANSIM to create
a DDoS attack
and this is just a kind of a reference
that I got in one of the comments to explain
how it is possible and how we can do so
so first let me explain you with help of
a diagram how it is possible and what is
the scenario that we can implement to
perform this DDoS attack
so suppose in case of our installation
we have
I'm using because I didn't have much of
time to set up the 2-VM setup so in this
case I'm using only single VM and the
limitation with single VM is that we
will not be able to use ping for the
data traffic but I am going to explain
how
we can implement this
scenario
now this is just an Open5GS core network
right
in the core Network we have two
components basically if we think of the
related functionality one is the control
plane and the second one is
the user plane right so the user plane is
the part which handles the
user data or the UE traffic
in case of any core Network
if any attacker wants to disrupt it
to disrupt this
core Network
there are two ways to do so first is
he can disrupt the control plane
by kind of a packet storm so that the
signal processing taken care by the
network is choked and it's not able to
carry out any more signal processing
the second one is choking the user plane
but for this it needs to be first
authenticated with the network
this is the disruption of
control plane
and the second one is disruption of the
user plane
now keep in mind with disruption of the
control plane there are multiple
functions in 5G network as an attacker
you can try to take out any one of it
but in this
example I will show you how we can
create a signal storm we call it a
signaling
storm
so the second part would be if you are
authenticated then you can use the same
UE to have multiple connections using
UERANSIM
if you know all the details of that UE
and
try out
multiple streams of data for example
you have this IMSI and you know all these
values you can
configure it with all these values and
then what you can do
you have the same you are authenticated
with the core network all right that's
good the second part would be what you
would do
you will just
send large streams of data here
on the user plane
to disrupt it with the same zip
and
once you are authenticated your
signaling is very less
you are allowed to do anything in the
network and with this this Sim you would
be able to have n number of
you can say instances running with
UERANSIM which can disrupt the user plane
so in this example I'm going to show you
this disruption of the control plane and
how it is easily possible
just defined 10 SIMs here
if you want you can Define more all
right so um so I'm in my installation
and I have a single VM setup so I will
just start my gNodeB so I have only
one gNodeB here defined and as soon as
I start it you can see it is trying to
establish a certification satv is a it's
able to contact the AMF so NG setup is
okay
in the second session I will try to
connect one UE
and you can see everything is going good
our UE signaling is up I will not be able
to Ping any IP through this interface
because I'm using a single VM setup in
case you want to use Open5GS and UERANSIM
to communicate with the internet you
need to use a multi-vm setup now
so far so good
in here what I can do is
I can I will just connect two more
sessions so one is tail hyphen f for log
amf15ds
AMF log so I will see what are the logs
going on in the AMF in this session and
I'll just do a great SSH
and here
let me just do an H
so I will check the status of my memory
usage
now just close this connection and what
I will do
so in UERANSIM so let me just clear it
so in UERANSIM there is an option
hyphen n where you can spin up multiple
number of IMSIs
and it will just replace the IMSIs
serially so for example if you define IMSI 1
here so if I show you the configuration
here I have IMSI 1 IMSI 2 and so on till 10.
so I have around 10 IMSIs here so if I
just pass this parameter hyphen n 10
it will start those 10 IMSIs so you can
see 10 IMSIs are connected and
all of them are successful
memory usage is not
that I would say increased so I'll just
power off this machine
and what I will do inside my VM
I will just reduce the memory to
1GB and CPU would be 1.
so that I can show you what is the
limitation of the the system once it is
once it has a reduced capability
all right now you can see in htop
I have around four fifty percent of
memory already used
and
point seven percent off or 1.3 percent
of the CPU now my gNodeB is up
and I'm going to start around 100 UEs now
and let's see only 10 would be able to
connect but let's see what would be the
impact so if you see here
it has increased a shot up to around 80
percent
but then suddenly the case because none
of these UE were able to connect
I can form a loop where I can ask it to
keep on connecting again and again
and then it will try to
break
so let me just create a loop here so
I'll go to mice
one more session here
to config and I will create a
club.sh
and
this is a shell script so I'll just type
bin bash
for I in
1 10 so it will run for 10 times
do
and I will run
what was my command here
just run the same command
and what I will do I will just
give it the executable access clear the
screen and
let's break my VM
so you can see here
it's shot up to 94 percent again
reduced to 1.4 percent this can create a
signal storm here
see
my gNodeB actually died
and
there's a lot of failure
and let us check what is the status of
okay AMF is running but
the gNodeB died
okay it's going on
okay
so as you can see my UE is still able to
connect because the resources are not
tied up again so just close this
enter the script again
so my UE is connected
and I'm going to spin up around 400 UEs
let's see what happens
okay 40 percent and then
it has shot up to 100 CPU usage
and all right I have my gNodeB again
died
and my UE got disconnected
so as you can see this is kind of a DDoS
attack where
the issue is that my gNodeB is in the
same VM
so rather than taking out the AMF
it's just breaking down the
gNodeB
but in the same way
this can be used to disrupt AMF or UPF
or PFCP depending upon what type of
system it is targeting so
keep in mind whenever you are developing
a
Network
which is exposed to such sort of
DDoS attack you need to have DDoS
mitigation capabilities in place as well
I hope this was relevant to what
you guys were looking for and in case
you enjoyed this video give it a thumbs
up and I will see you in the next one