DoS technique lets a single laptop take down an enterprise firewall

dcdataPublic, Uncategorized

At a time when the size of distributed denial-of-service attacks has reached unprecedented levels, researchers have found a new attack technique in the wild that allows a single laptop to take down high-bandwidth enterprise firewalls.

The attack, dubbed BlackNurse, involves sending Internet Control Message Protocol (ICMP) packets of a particular type and code. ICMP is commonly used for the ping network diagnostic utility, and attacks that try to overload a system with ping messages — known as ping floods — use ICMP Type 8 Code 0 packets.

BlackNurse uses ICMP Type 3 (Destination Unreachable) Code 3 (Port Unreachable) packets instead and some firewalls consume a lot of CPU resources when processing them.

According to experts from the Security Operations Center of the Danish telecom operator TDC, it would take from 40,000 to 50,000 ICMP Type 3 Code 3 packets a second to overload a firewall. This is not a large number of packets and the bandwidth required to generate them is 15Mbps to 18Mbps, which means that BlackNurse attacks can be launched from a single laptop.

Full Story