QuoVadis Posted November 15, 2016 Report Posted November 15, 2016 A Danish company recently discovered several low-volume DDoS attacks leveraging ICMP traffic against some of its clients. This attack is called BlackNurse, and it is a DDoS attack that leverages ICMP packets Type 3, Code 3. The attack causes some network equipment to overload the CPU with operations. http://soc.tdc.dk/blacknurse/blacknurse.pdf http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack 2 Quote
Nytro Posted November 15, 2016 Report Posted November 15, 2016 Deci trimiti ceva pachete cu Destination unreachable / port unreachable si gata, crapa? In ce an suntem, '97? 1 Quote
QuoVadis Posted November 15, 2016 Author Report Posted November 15, 2016 43 minutes ago, Nytro said: Deci trimiti ceva pachete cu Destination unreachable / port unreachable si gata, crapa? In ce an suntem, '97? Devices verified by TDC to be vulnerable to the BlackNurse attack: Cisco ASA 5506, 5515, 5525, 5540 (default settings) Cisco ASA 5550 (Legacy) and 5515-X (latest generation) Cisco Router 897 (unless rate-limited) Palo Alto (unless ICMP Flood DoS protection is activated) - See advisory from Palo Alto. SonicWall (if misconfigured) Zyxel NWA3560-N (wireless attack from LAN Side) Zyxel Zywall USG50 Quote
QuoVadis Posted November 15, 2016 Author Report Posted November 15, 2016 (edited) 1 hour ago, albertynos said: Asta e de anii 90' Este de anii '90 dar problema e ca inca multe companii au routere vulnerabile: PoC: https://github.com/jedisct1/blacknurse Discutie: https://news.ycombinator.com/item?id=12950343 Edited November 15, 2016 by QuoVadis 1 Quote
