The goal of this attack is to cause DoS in some or all the nodes in the network by overflowing the LNID table in the Base Node.
In this mode, it is possible to replay traffic originally addressed to a Service Node in another different Service Node just by changing the LNID, SID, and LCID.
A first registration request is sent and the Base Node registers the node with LNID 236.
The NIDS module in this case was implemented similarly to the LNID overflow module to search in the traces for the number of different SIDs in defined time slots.
As in the LNID case, the system was validated with synthetic traces emulating a scenario under attack and several real traces in scenarios that were not under attack.
As the number of legitimate devices is normally much lower than the number of spoofed ones when the network is under this kind of attack, the impact can be reduced if, after the exhaustion of all the available LNIDs, the Base Node assigns them randomly.