'BlackNurse' DDoS attack targets firewalls vulnerable to ping flood
Security researchers have discovered a new distributed denial-of-service (DDoS) method that makes large-scale attacks less effort to launch and can bring down servers or firewalls from a single laptop.
The new method, called BlackNurse, was discovered by researchers at the Security Operations Center of the Danish telecom operator TDC (TDC SOC). It uses low-volume Internet Control Message Protocol (ICMP) traffic to overload firewalls to the point where they shut down.
BlackNurse specifically targets firewalls made by Cisco, Palo Alto and other companies that are vulnerable to a "ping flood attack" similar to those employed during the 1990s.
The researchers at TDC explained why they were drawn to this new method of launching DDoS attacks, saying: "The Black Nurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers' operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack. Based on our test, we know that a reasonable sized laptop can produce approximately a 180 Mbit/s DDoS attack with these commands".
Though BlackNurse attacks can be quite effective, it is possible to reduce the severity of these new DDoS attacks. The researchers found that "disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily", which should limit their effectiveness.
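Because the traffic described above is low in volume, a bandwidth alarm may never fire; counting ICMP Type 3 Code 3 packets per source is a more direct signal. The following is an added example, not code from TDC or the original article: the function names, the one-second bucketing, the threshold value and the sample packets are all assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

ICMP_PROTO = 1
DEST_UNREACHABLE, PORT_UNREACHABLE = 3, 3  # the Type 3 Code 3 named in the article

def parse_icmp(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    src = socket.inet_ntoa(packet[12:16])
    return src, packet[ihl], packet[ihl + 1]

def noisy_sources(records, threshold_pps):
    """records: iterable of (timestamp_seconds, raw_ipv4_packet).
    Returns {src_ip: peak Type 3 Code 3 packets in any one-second bucket}
    for sources whose peak exceeds threshold_pps (an assumed, site-specific value)."""
    buckets = Counter()
    for ts, raw in records:
        parsed = parse_icmp(raw)
        if parsed and parsed[1:] == (DEST_UNREACHABLE, PORT_UNREACHABLE):
            buckets[(parsed[0], int(ts))] += 1
    peaks = {}
    for (src, _), count in buckets.items():
        peaks[src] = max(peaks.get(src, 0), count)
    return {src: n for src, n in peaks.items() if n > threshold_pps}

def build_packet(src, icmp_type, icmp_code):
    """Constructed test input: minimal IPv4 + ICMP header (checksums left zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton("192.0.2.1"))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

# Constructed sample capture: one chatty source, one normal echo, one stray unreachable.
SAMPLE = [(100.0 + i / 1000, build_packet("198.51.100.7", 3, 3)) for i in range(500)]
SAMPLE += [(100.2, build_packet("203.0.113.9", 8, 0)),
           (100.4, build_packet("203.0.113.9", 3, 3))]

if __name__ == "__main__":
    print(noisy_sources(SAMPLE, threshold_pps=100))
```

The threshold has to be tuned against a baseline of the WAN interface's normal ICMP traffic, since a small number of Type 3 Code 3 messages is expected in ordinary operation.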
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.