Digital Identity, Security & Online Fraud

BlackNurse DDoS attack resistant to some firewalls

Tuesday 15 November 2016 | 11:53 AM CET

The security operations centre of TDC Group, Denmark’s main telecom provider, has cautioned that some firewalls can be overwhelmed by a new variant of an Internet Control Message Protocol (ICMP) attack.

CISOs often worry about high-volume distributed denial of service (DDoS) attacks that use webcams and other consumer Internet-connected devices to stall business operations. According to a paper issued by TDC’s security group, the technique, dubbed ‘BlackNurse’, uses ICMP type 3 (destination unreachable) code 3 (port unreachable) packets to launch an attack of 40 to 50K packets per second with a traffic speed of 15-18 Mbit per second. Though it is different from and slower than a traditional ICMP ping flood attack, it is still effective in overwhelming the CPUs of some firewalls as they try to process the ICMP errors.

This vulnerability or misconfiguration of some firewalls is easy to misuse, and the impact can be high for organizations that allow ICMP to the firewall’s outside interface; they could be easy targets for the BlackNurse attack. Having high bandwidth is no guarantee that this DoS/DDoS attack will not work. Firewall implementations handle ICMP in different ways, so products from different vendors can be subject to the attack.

The report says some models of Cisco Systems’ ASA firewalls are vulnerable. TDC security researchers have included in their report a SNORT rule that intrusion detection/prevention devices can use to detect the attack, although the default timing may have to be adjusted to what is normal for each organization’s firewall.
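The rate-based detection idea described above can be sketched as follows. This is an added example, not TDC's SNORT rule or code from the report: it counts ICMP type 3 code 3 packets per destination in a sliding window, and the threshold of 100 per second, the addresses and the sample packets are constructed assumptions to be tuned to a site's own baseline.

```python
import struct
from collections import defaultdict, deque

ICMP_PROTO = 1
PORT_UNREACH = (3, 3)  # ICMP type 3, code 3, as named in the article

def parse_icmp(packet: bytes):
    """Return (src, dst, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IP header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    src = ".".join(map(str, packet[12:16]))
    dst = ".".join(map(str, packet[16:20]))
    return src, dst, packet[ihl], packet[ihl + 1]

class UnreachRateDetector:
    """Sliding-window count of ICMP type 3 code 3 packets per destination."""
    def __init__(self, threshold: int, window: float = 1.0):
        self.threshold = threshold  # assumed value; tune to the site's baseline
        self.window = window        # seconds
        self.seen = defaultdict(deque)

    def observe(self, ts: float, packet: bytes) -> bool:
        """Feed one packet; True while its destination exceeds the threshold."""
        parsed = parse_icmp(packet)
        if parsed is None or parsed[2:] != PORT_UNREACH:
            return False
        q = self.seen[parsed[1]]
        q.append(ts)
        while q and q[0] <= ts - self.window:  # expire timestamps outside the window
            q.popleft()
        return len(q) > self.threshold

def build_packet(src: str, dst: str, icmp_type: int, icmp_code: int) -> bytes:
    """Constructed in-memory sample: 20-byte IPv4 header + 8-byte ICMP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

def demo():
    det = UnreachRateDetector(threshold=100)
    fw = "203.0.113.1"  # documentation-range address standing in for a firewall
    mix = [(8, 0)] * 50 + [(3, 3)] * 20  # second 0: normal mix, stays quiet
    quiet = [det.observe(i / 70, build_packet("198.51.100.7", fw, t, c))
             for i, (t, c) in enumerate(mix)]
    burst = [det.observe(2 + i / 500, build_packet("198.51.100.9", fw, 3, 3))
             for i in range(500)]  # second 2: 500 port-unreachables
    return any(quiet), burst.index(True)
```

`demo()` returns `(False, 100)`: the background mix never alerts, and the burst trips the detector on its 101st packet.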
