This new attack was discovered by TDC engineers. http://www.blacknurse.dk/
The attack is along the lines of an ICMP flood attack. An ICMP flood involves flooding the target with a large amount of traffic, whereas the BlackNurse attack requires only minimal ping traffic while leveraging ICMP Type 3 Code 3 (Destination Port Unreachable).
An attack from a laptop can go up to 180 megabits per sec and effectively bring down the firewall. The attack is effective against Cisco, Palo Alto and a few more. This attack is possible only if you have allowed ICMP Type 3 Code 3 to outside interfaces.
http://soc.tdc.dk/blacknurse/blacknurse.pdf
Test your system with this Proof of Concept Code to check if you are vulnerable.
https://github.com/jedisct1/blacknurse
If you are vulnerable, check your vendor's website for guidance on mitigating the risk.
Worst case: your router crashes, and after the flooding, it comes back up.
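One way to watch an outside interface for the ICMP Type 3 Code 3 pattern described above, as an added example that is not part of the original post or the TDC report: it counts port-unreachable packets per source per second in tcpdump-style text. The sample lines, the addresses and the 100 packets/sec threshold are constructed assumptions.

```python
import re
from collections import Counter

# Matches `tcpdump -tt -n` style text for ICMP Type 3 Code 3 (port unreachable).
PORT_UNREACH = re.compile(
    r"^(?P<ts>\d+)\.\d+ IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP \S+ (?:udp|tcp) port \S+ unreachable"
)

def port_unreachable_peaks(lines, protected_ips, threshold_pps):
    """Return {src: peak packets/sec} for sources that send more than
    threshold_pps Type 3 Code 3 packets to a protected address in any second."""
    per_second = Counter()
    for line in lines:
        m = PORT_UNREACH.match(line)
        if m and m["dst"] in protected_ips:
            per_second[(m["src"], int(m["ts"]))] += 1
    peaks = {}
    for (src, _sec), count in per_second.items():
        if count > threshold_pps:
            peaks[src] = max(peaks.get(src, 0), count)
    return peaks

def build_sample():
    """Constructed capture: one noisy source, one normal source, one ping."""
    fw = "203.0.113.1"  # placeholder outside-interface address (documentation range)
    lines = []
    for i in range(300):  # 300 port-unreachables inside a single second
        lines.append(f"1700000000.{i:06d} IP 198.51.100.7 > {fw}: "
                     f"ICMP 198.51.100.7 udp port 53 unreachable, length 36")
    for i in range(3):  # ordinary background: one unreachable per second
        lines.append(f"170000000{i}.000000 IP 192.0.2.10 > {fw}: "
                     f"ICMP 192.0.2.10 udp port 123 unreachable, length 36")
    # Echo request: not Type 3 Code 3, must be ignored by the detector.
    lines.append(f"1700000000.500000 IP 192.0.2.10 > {fw}: "
                 f"ICMP echo request, id 1, seq 1, length 64")
    return lines, {fw}

SAMPLE_LINES, PROTECTED = build_sample()
THRESHOLD_PPS = 100  # assumed alert threshold; tune to your own baseline

if __name__ == "__main__":
    hits = port_unreachable_peaks(SAMPLE_LINES, PROTECTED, THRESHOLD_PPS)
    for src, pps in hits.items():
        print(f"ALERT {src}: {pps} ICMP type 3 code 3 packets in one second")
```

Legitimate hosts do send occasional port-unreachable replies, so the threshold should sit well above the rate normally seen on the interface.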