Implementation for amplification attacks targeting CoAP

[salmeghlef]

Hello guys, I need the amplification attacks that targets CoAP implemented in C or any other programming language: 1- Simple Amplification Attacks 2-Amplification Attacks using Observe 3- Amplification Attacks using Group Requests 4- MITM Amplification Attacks

More details about the attacks can be found at https://datatracker.ietf.org/doc/html/draft-mattsson-t2trg-amplification-attacks#name-simple-amplification-attack

You cooperation is highly appreciated

[boaks]

1. This is the main question. Creating/crafting a UDP message with a spoofed source ip-address, basically requires a web search. Once your "prepared" your message and send it, you will see, if the network components on the route detects it and blocks it, or deliver it.

2. If you setup your own coap-server, just configure the block-size to 1024 and sent back 1000 bytes of random payload. If it's a foreign coap-server, then just again search the web.

3. If you setup your own coap-server, use NON notifies.

4. If you setup your own coap-servers, there is nothing special.

5. If you setup your own coap-servers, use NON notifies. I guess, the most implementations do not support multicast and observer together.

Overall, you may recognize, that there is a difference/gap between being not able to "exclude" an attack and to "demonstrate" an attack. Assuming, that the most public internet traffic is encrypted, the attack is getting less easy. In the end, you may be able to demonstrate the attack for your own local servers in your own local network, but fail, to apply such attack on the public network and foreign servers.

[emanjon]

As Achim writes, you have two options depending on what you are interested in.

A. Use an existing NoSec CoAP server accesible over the Internet. In March 2022 there was around 400,000 such servers

B. Setup your own coap-server, which is trivial using one of the exisitng libraries. http://coap.technology/impls.html Maybe there are even easier ways with ready to use containers?

[salmeghlef]

Thanks guys for your valuable responses. Indeed, I plan to simulate these attacks on my local machine that runs coap server and coap client properly, Thanks to the founder of libcoap for implementing such protocols. This link https://datatracker.ietf.org/doc/html/draft-mattsson-t2trg-amplification-attacks demonstrate the attacks I am talking about in details. Please refer to the website and tell me how I can implement such attack scenarios on my local machine. No need for production coap servers since they have a coherent security systems. Thanks again

[emanjon]

Seems like this issue can be closed.

If needed continue discussion at https://github.com/t2trg/t2trg-amplification-attacks/issues

(Due to lack of owner rights I could not transfer this repository and instead had to make a new one, I will manually create new issues there for any open issues).