QuoVadis

[paper] Black Nurse attack

A Danish company recently discovered several low-volume DDoS attacks leveraging ICMP traffic against some of its clients. This attack is called BlackNurse, and it is a DDoS attack that leverages ICMP packets Type 3, Code 3. The attack causes some network equipment to overload the CPU with operations.

 

http://soc.tdc.dk/blacknurse/blacknurse.pdf

 

http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack


43 minutes ago, Nytro said:

So you send some packets with Destination unreachable / port unreachable and that's it, it dies?

What year is it, '97?

 

Devices verified by TDC to be vulnerable to the BlackNurse attack:

  • Cisco ASA 5506, 5515, 5525, 5540 (default settings)
  • Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
  • Cisco Router 897 (unless rate-limited)
  • Palo Alto (unless ICMP Flood DoS protection is activated) - See advisory from Palo Alto.
  • SonicWall (if misconfigured)
  • Zyxel NWA3560-N (wireless attack from LAN Side)
  • Zyxel Zywall USG50
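A defender-side check for the traffic pattern described in the first post (ICMP Type 3, Code 3 arriving at an unusual rate toward one device), as an added example that is not part of the thread or of the linked paper: it parses raw IPv4 packets and reports destinations whose peak per-second rate exceeds a threshold. The function names, the sample addresses (documentation ranges) and the threshold value are assumptions made for illustration.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

ICMP_PROTO, DEST_UNREACH, PORT_UNREACH = 1, 3, 3

def parse_icmp(pkt: bytes):
    """Return (src, dst, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Non-first fragments carry no ICMP header; skip them and truncated packets.
    if ihl < 20 or pkt[9] != ICMP_PROTO or frag_offset or len(pkt) < ihl + 2:
        return None
    src, dst = IPv4Address(pkt[12:16]), IPv4Address(pkt[16:20])
    return str(src), str(dst), pkt[ihl], pkt[ihl + 1]

def port_unreachable_peaks(capture):
    """capture: iterable of (epoch_seconds, raw_ipv4_bytes).
    Returns {dst: highest Type 3 Code 3 count seen in any one-second bucket}."""
    buckets = Counter()
    for ts, pkt in capture:
        parsed = parse_icmp(pkt)
        if parsed and parsed[2:] == (DEST_UNREACH, PORT_UNREACH):
            buckets[(parsed[1], int(ts))] += 1
    peaks = {}
    for (dst, _), n in buckets.items():
        peaks[dst] = max(peaks.get(dst, 0), n)
    return peaks

def flag_destinations(capture, threshold_pps):
    """Destinations whose peak rate exceeds threshold_pps (site-specific assumption)."""
    return sorted(d for d, n in port_unreachable_peaks(capture).items() if n > threshold_pps)

def sample_packet(src, dst, icmp_type, icmp_code):
    """Constructed test fixture: minimal IPv4 + ICMP header bytes (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     IPv4Address(src).packed, IPv4Address(dst).packed)
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

# Constructed capture: a burst of port-unreachable toward one device, plus other ICMP.
SAMPLE = [(100.0 + i / 1000, sample_packet("198.51.100.7", "192.0.2.1", 3, 3)) for i in range(500)]
SAMPLE += [(100.2, sample_packet("198.51.100.9", "192.0.2.1", 8, 0)),   # echo request
           (100.4, sample_packet("203.0.113.5", "192.0.2.2", 3, 3)),    # lone unreachable
           (100.5, sample_packet("203.0.113.5", "192.0.2.2", 3, 1))]    # host unreachable

if __name__ == "__main__":
    print(flag_destinations(SAMPLE, threshold_pps=100))
```

The threshold has to be tuned against the baseline of legitimate port-unreachable replies on the monitored link.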
