QuoVadis Posted November 15, 2016 Report Share Posted November 15, 2016 A Danish company recently discovered several low-volume DDoS attacks leveraging ICMP traffic against some of its clients. This attack is called BlackNurse, and it is a DDoS attack that leverages ICMP packets Type 3, Code 3. The attack causes some network equipment to overload the CPU with operations. http://soc.tdc.dk/blacknurse/blacknurse.pdf http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack 2 Quote Link to comment Share on other sites More sharing options...
Nytro Posted November 15, 2016 Report Share Posted November 15, 2016 Deci trimiti ceva pachete cu Destination unreachable / port unreachable si gata, crapa? In ce an suntem, '97? 1 Quote Link to comment Share on other sites More sharing options...
QuoVadis Posted November 15, 2016 Author Report Share Posted November 15, 2016 43 minutes ago, Nytro said: Deci trimiti ceva pachete cu Destination unreachable / port unreachable si gata, crapa? In ce an suntem, '97? Devices verified by TDC to be vulnerable to the BlackNurse attack: Cisco ASA 5506, 5515, 5525, 5540 (default settings) Cisco ASA 5550 (Legacy) and 5515-X (latest generation) Cisco Router 897 (unless rate-limited) Palo Alto (unless ICMP Flood DoS protection is activated) - See advisory from Palo Alto. SonicWall (if misconfigured) Zyxel NWA3560-N (wireless attack from LAN Side) Zyxel Zywall USG50 Quote Link to comment Share on other sites More sharing options...
albertynos Posted November 15, 2016 Report Share Posted November 15, 2016 Asta e de anii 90' Quote Link to comment Share on other sites More sharing options...
QuoVadis Posted November 15, 2016 Author Report Share Posted November 15, 2016 (edited) 1 hour ago, albertynos said: Asta e de anii 90' Este de anii '90 dar problema e ca inca multe companii au routere vulnerabile: PoC: https://github.com/jedisct1/blacknurse Discutie: https://news.ycombinator.com/item?id=12950343 Edited November 15, 2016 by QuoVadis 1 Quote Link to comment Share on other sites More sharing options...