An Experiment with DDoS Attack on NodeMCU 12 e Devices for IoT with T 50 Kali Linux

This paper presents the results of an experiment with the Kali Linux operating system and T50 tool to simulate Distributed Denial of Service (DDoS) attacks on the NodeMCU12e controller device used in Internet of Things (IoT) projects. The motivation for the development of this study arose with the creation of different projects that deal with the subject involving the Internet of Things, as a necessity to evaluate the safety and capacity of these devices during an attack simulation, which affects security and exposes the fragility of architecture and construction model. The results showed the types of attacks that can be carried out, as well as the device's lack of ability to avoid these types of attacks, as well as the speed at which it is possible to stop the device services. Keywords—security; IoT; NodeMCU12e; T50; Kali Linux; DDos.


INTRODUCTION
The projects involving the Internet of Things stand out in the national and international market, mainly for the ease of connection between the different types of devices and equipment, allowing the creation of different types of projects that can meet the most varied needs, low cost and the experience of creating solutions quickly, yet with the ease of remote communication, provide an innovative and flexible experience.
When faced with academic research projects that use the Internet of Things as an object of study, it was possible to perceive the great possibilities of applications that this new technology provides, in this way several experiments were carried out with updated models to control equipment monitoring, or even to keep track of the health of individuals.The question that surrounds this study is a security analysis related to the access and use of the Internetof Things devices, which are usually interconnected by some type of network.
The Internet of Things as explained by CERP [8] and ITU-T [12], is a new technology that allows communication between things such as objects, devices or even equations can somehow communicate with one another, this by the ease of communication between a local network, internet type, radio and others.Evolving in conjunction with automation and mechatronics, the Internet of Things is an inexpensive and easily accessible technology, enabling the creation of the most varied solutions.
Due to the fact that it is an emerging technology, it lacks scientific content that can collaborate with the development and serve as a study base for new projects, in this way this work proposes to present the rest of an experiment that involves the security of the normally used disasitives in projects for the Internet of Things, and can serve as a theoretical basis for the creation of new solutions.
Security studies are also a great challenge because the possibilities and types of attacks can in some way stop several types of services or even damage equipment of different types of applications, so this study provides a type of simulation that may allow the researcher to apply in their projects, to somehow study the types of attacks that the devices may suffer during their use, also considering the impacts they may cause.
Several projects on residential, business or even service monitoring are presented, as well as applications directed to the health area, all of which may be impacted by some kind of invasion or security attack.strategies and techniques of prevention, with the most known types of attacks, in this study as a restriction of the project, only some types of attacks should be analyzed, these being the best known, proposed solutions may be presen ted in future studies, due to their extension and complexity.
The experiments were performed on a specific type of device, such as a controller, this device is usually used in conjunction with other devices, or even sensors, such as temperature, heart rate, pulse or devices as Arduino Uno, the most common, with little capacity, being used for small prototypes, or even for projects where a large operating process is not necessary and with very advanced controls.
With the rapid creation of devices provided to meet the different needs of the market, this project intends to attend a moment in which the concepts of INternet of Things are still in evolution, on the most varied processes, thus allowing a reflection on the need to to devote greater attention, also to studies that involve the security of the types of networks and devices used for the Internet of Things.

II.
BIBLIOGRAPH REVIEW When the bibliographic research was carried out on the key words that compose this work, the most relevant bases were used with IEEE Xplore, IEEE Latinamerca, Scopus and Google Scholar, and these did not present relevant results for the keywords IoT and T50, demonstrating that this research has relevant subject to compose the content in these basses of knowledge.
In this way, the scientific work involving general subjects, such as those that deal with the Internet of Things, was used as basic theory, some equivalent devices, as in the case of the Arduino controller, also relating the experience of some authors about the System Operational kali Linux, this being an appropriate environment for conducting simulations involving security.
Due to this lack of scientific references, technical papers and documentation, provided by manufacturers and specialists, were analyzed, as well as code libraries and discussion blogs.The technical documents collaborated with the practical experiment, enabling the tests and configurations, adapting the project to meet its objectives in the creation of a model that allows the simulation of DDoS-type attacks.
The internet of things is the main subject addressed in this study, considering the documents presented by CERP [8] and ITU-T [12], which are organizations responsible for maintaining, defining and releasing the relevant contents with the projects developed for the Internet of Things , being these models that are adopted by specialists in all the world.
The IEEE baselines are also of major importance because they are the main basis for information on academic contents, journals, conferences on subjects that deal with electronics, computing, security, networks and systems, often many important references are found in this base, allowing the distribution of academic and technical knowledge on different subjects and projects that approach the theme.
Most of the results obtained with this study are of practical origin, with the experience obtained in previous projects such as those presented by Bento [7], these experiences were the pillar of support for the realization of the project, incorporating other studies of relevant authors, even of specialists in the area who collaborated with the materials and references.
The bibliographical references on the methodology and techniques used to develop the structure of this article were developed based on the books and documents presented by Bento [7], Lakatos and Marconi [19], being thes last reference on best practices in the structure of project development of national research.
The studies were developed on the subject Internet of Things based on the works presented by: T. Shah ; S.

III.
METHOD AND MATHERIALS As a method, an experimental research was used, in which the technical studies developed on the devices are applied, as explained by Lakatos and Marconi [19] the objective of an experimental research is the creation of experiments that may represent some determinate phenomenon for analysis and evaluation purposes of the data collected during the research development.
Some types of research methods such as Lakatos & Marconi [19] and Bento [7], it is possible to verify the different forms of survey and analysis that can be applied in the most varied study models.In this case, this work has as specific objective to present the results according to the experiments developed on technological resources available in the national and international market.
As a first step, research was done on scientific research materials, technical documents and manuals of manufacturers, after the studies carried out, a comparative and practical analysis was developed on the devices to understand their workings, as well as their adequacy with the proposal of the studies, thus taking as its basis its technological resources and applicability.
After the studies were performed with the tools available in the Kali Linux operating system, with the purpose of understanding their application and structure characteristics, in this way it was possible to choose among the various tools available in the operating system, the library was then selected T50 tools, by itself a model with clear documentation and with simplicity for application in different environments.
After the initial understanding and tests, the devices and equipment necessary to apply the hypothesis of creating a possible environment for simulation of the attack tests with the T50 tool available in the Kali Linux Operating System were selected.
As material was used: a NodeMCU12e controller device, this device was selected due to comparative tests performed in the studies presented by Bento [7], highlighting its capacity, speed, size and low cost, incomapration with other controllers available in the market, such as the Arduino Uno.
The NodeMCU12e device was used in isolation during the project, only to meet the DDoS attack tests, because it has a system that allows it to act as a WiFi access point, because it has this recurrence already built into its architecture, in this way it was possible to carry out the attack simulations.
A Samsung 4G smartphone was also used to be used as a Web connection service, thus enabling the smartphone to communicate with two other computers, one notebook running the Kali Linux Operating System and the T50 library, another notebook with the Windows 10 64 operating system bits to connect to the NodeMCU12e controller and access your home page with Mozilla Firefox web browser, verifying that the connection is online and monitoring the resources used in the network.
In this way it was possible to analyze communications and data traffic between the devices, observing the results of the simulated attacks, enabling the creation of reports and the discussion about the data collected during the survey, a miniUSB cable was also used to connect the controller to the notebook and supply the power required to power the device, the Arduino IDE was used for construct the controller Algoritm.

IV.
RESULTS AND DISCUSSIONS In the initial studies, tools were analyzed that allow the simulation of Distributed Denial of Services (DDoS) attacks [1] [2] [6][13], that is, the sending of a large amount of data packet to stop the services of Web page servers, in this case the NodeMCU12e [7] [18], has features that enable it as an access point server, providing access to internal pages as if it were a web server.
A smartphone with external WiFi access was only used to allow external access to a WiFi network, the NodeMCU12e [7] controller can work in both formats, ie as an access provider and a client, and also has the ability to access pages in other external servers, these features can be manually configured in the device algorithm.For the construction of the algorithm, the Arduino IDE, an available tool for the development of algorithms for controller devices, was used, after the proper configuration, downloading of the libraries and access tests, one of the algorithm examples available in the tool, called NodeMCu AdvancedWebServer.ino, available soon after the installation of the correct library of the controlling device.
As an initial part of the configurations, the following libraries were used as well as the settings to access the controller device, it is important to observe the ESP8266WebServer command which allows configuring the device with an access server on port 80, the complete algoritm can be found with the Arduino IDE settings.
#include <ESP8266W iFi.h> #include <WiFiClient.h>#include <ESP8266WebServer.h>#include <ESP8266mDNS.h>const char *ssid = "yourSSID"; const char *password = "YourSSIDPass"; ESP8266WebServer server ( 80 ); Another important point is to observe the *ssid and *password variables, these must be used to access the external WiFi network available on the Smartphone, this feature is used simply for the controller to have client access and on external websites, such a resource should not be used in this project.
The controller algorithm generates a random graph when accessing the address by the web browser, demonstrating its active operation during access, in this way it is possible to monitor the access, the values vary every three seconds, presenting a new graphic, thus it is possible to identify if the access point is operational.Before the DDoS attack simulation Fig. 3, the network and devices have the following status, observing that there is only one computer with the Kali Linux operating system and another one computer with the Windows operating system on the same network, one to validate the attack and another to monitor the accesses to the controller, to generate the transfer tax reports Fig. 4. Windows 10 computer for monitoring the network tax transfer.Fig. 5.At this moment the constant status of the transmission rate and reception of the network data before the attack simulation is considered, considering an updated analysis every sixty seconds interval, after which the transmission processes for DDoS attack simulation are started Fig. 5.

Fig. 4. Task monitor running on the
Denial-of-service attacks are a specific class of pentest attacks (Penetration Testing, in which the idea is to send an excess of packets to a particular server.
Because the device or server is not ready to receive this high packet load, it will be overloaded, this will cause your bandwidth to slow and even crash.In the same time another computer was connected with the NodeMCU12e access point address, 192.168.43.39, that computer was used for monitoring the network and to access the NodeMCU12 webserver, monitoring the site access during the attack, the results show the site out of operations during the attack fig 11.

V.
CONCLUSIONS Based on the results obtained, it is possible to conclude that the Internet of Things presents many advantages ahead of the current devices used in clinics and hospitals, and even in the face of the difficulties, the use of Internet of Things in the area of health can bring several benefits to the professionals and institutions, benefits that contribute to an active monitoring, providing greater quality to the patients and ease of control for the doctor.
When analyzing the advantages of the adherence of a project developed with the Internet of Things, the low cost, the ease in the consultation of data for monitoring and in future visits, sharing of the information by several health information bases, objective organization and clear data and information, preventing diagnosis errors, during prescription and in drug interaction.
As disadvantages, one should consider the lack of a technical professional who understands the various interdisciplinary issues involved, for example, it is necessary to understand electronics, computing, networks, database, programming and still understand about the health area and the type of analysis that can be developed.

Fig. 2 .
Fig. 2. Network diagram with the devices and connections used during the project.
Fig. 4. Task monitor running on theWindows 10 computer   for monitoring the network tax transfer.Fig.5.At this moment the constant status of the transmission rate and reception of the network data before the attack simulation is considered, considering an updated analysis every sixty seconds interval, after which the transmission processes for DDoS attack simulation are started Fig.5.Denial-of-service attacks are a specific class of pentest attacks (Penetration Testing, in which the idea is to send an excess of packets to a particular server.Because the device or server is not ready to receive this high packet load, it will be overloaded, this will cause your bandwidth to slow and even crash.Basic commands used with T50: root@kali:~# t50 --flood 192.168.43.39 entering in flood mode...

Fig. 6 .
Fig. 6.Four DDoS attack simulation with T50 KaliLinux and packet injection tool 5.7.1.In that windows fig.5, is displayed the T50 application in conjunction with another windows.

Fig. 16 .
Fig. 16.NodeMCu12e monitoring site not working after the overload test.Fig. 17.After the six sequence of commands was possbile to analyze the results, when overloading the device NodeMCU12e with packages of data, this kind of attack is very usual when using address available in the internet, the results has demonstrated the capacity of the device for stay in operation during a usual attack, for only few seconds.