The purpose of the project is to experiment the SlowITe attack on MQTT broker on raspberrypi.

mosquitto_sub -h <IP address> -t <topic>

mosquitto_pub -h <IP address> -t <topic> -m "message"

First of all, you have to type the following line on your shell in order to install and manage the other software packages, written in Python, used in this project (for more info click here).

sudo apt install python3-pip

Then, you have to install on Ubuntu:

• paho-mqtt: provides a client class which enable applications to connect to an MQTT broker to publish messages, and to subscribe to topics and receive published messages.

  sudo pip3 install paho-mqtt

• tqdm: shows a progress in a loop, using a smart progress meter.

  sudo pip3 install tqdm

• Mosquitto MQTT Broker: open source message broker that implements the MQTT protocol versions 5.0, 3.1.1 and 3.1.

  sudo apt-add-repository ppa:mosquitto-dev/mosquitto-ppa
  sudo apt-get update
  sudo apt-get install mosquitto
  sudo apt-get install mosquitto-clients

  After that, Mosquitto is installed as a service and should start automatically after install. To test if it is running, use commands netstat -at (you should see the Mosquitto broker running on port 1883) or sudo service mosquitto status.

MQTT_SlowDoS.py

$ python3 MQTT_SlowDoS.py -a broker_address [-p broker_port] [-k keep_alive] [-h | --help]

Arguments:

sudo nano /etc/mosquitto/mosquitto.conf command to change the config file
Add the following lines and save it
allow_anonymous true
listener 1883

Now run the code from the command given above

Go inside config by sudo nano /etc/mosquitto/mosquitto.conf
Edit the config file to add log_dest topic and log_dest syslog
Then save the file and reboot system

Subscribe and publish to the broker using the following commands
mosquitto_sub -v -h hostname -t '$SYS/broker/log/#'
mosquitto_pub -h hostname -t '$SYS/broker/log/N' -m msg
Now you will be able to see each clients details while they are trying to connect to the broker in real time as shown below.

Start attack in this scenerio and observe. There will be so many clients creation with the same ip address simultaniously. This way you can check if broker is under attack or not.

For authentication add the following lines in configuration file of broker here it is raspberrypi
allow_anonymous false
mosquitto_passwd -c /etc/mosquitto/pwfile

Don't forget to reboot!!

To create new client run sudo mosquitto_passwd -c /etc/mosquitto/pwfile username

To check if authentication is working try to publish and subscribe by command below

mosquitto_sub -h broker_address -u username -P password -t topic

mosquitto_pub -h broker_address -u username -P password -t topic -m msg

Now try to execute the attack. It wont be able to stop the broker because of the authentication.

For the prevention authentication is good enough. Do same as mentioned above.

For this you have to make changes in the MQTT_SlowDoS.py file by----

Step1: Comment the part of code as shown below

Step2: Uncomment part of code as shown below

Step3: Run the code by python3 MQTT_SlowDoS.py -a hostname -p 1883 -k 60 Now observe the output if you gets connection refused then attack is unsuccessful otherwise successfull.