Security researchers have discovered a new attack technique known as BlackNurse. An attacker does not need an IoT botnet or considerable resources to knock large servers offline with a denial-of-service attack; all it takes is one laptop for a “BlackNurse” attack to bring vulnerable Cisco, SonicWall, Palo Alto and Zyxel firewalls to their knees.
The BlackNurse attack abuses the Internet Control Message Protocol (ICMP), which routers and other networking devices use to send and receive error messages. Because there is no protection against, or limit on, sending or receiving such messages, the attack sends a special type of ICMP packet, specifically Type 3 ICMP packets with a code of 3, which attackers can use to place unwanted load on CPUs and servers protected by firewalls made by Cisco and other companies. Moreover, the researchers found that once the traffic reaches a threshold of 15 Mbps to 18 Mbps, the targeted firewalls drop so many packets that the server is driven offline. Using the same dud ICMP packets, the researchers conducted a BlackNurse attack from a single laptop, sending just 180 Mbps, and brought down a server.
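For monitoring, the rate of inbound ICMP Type 3 Code 3 traffic per destination can be compared with the range quoted above. The following detection sketch is an added example, not part of the original advisory; the record format, function names, sample records (documentation IP addresses) and the choice of 15 Mbps as the alert level are assumptions.

```python
from collections import defaultdict

ICMP_TYPE_DEST_UNREACHABLE = 3   # ICMP Type 3
ICMP_CODE_PORT_UNREACHABLE = 3   # Code 3
ALERT_MBPS = 15.0  # assumption: alert at the low end of the 15-18 Mbps range

# Constructed flow-summary records: epoch_seconds src dst icmp_type icmp_code bytes
SAMPLE = """\
100.1 198.51.100.7 203.0.113.1 3 3 1000000
100.6 198.51.100.7 203.0.113.1 3 3 1000000
100.7 192.0.2.9 203.0.113.1 8 0 5000000
101.2 198.51.100.7 203.0.113.1 3 3 400000
101.5 192.0.2.50 203.0.113.1 3 1 3000000
not a record
"""

def parse_record(line):
    """Parse one record in the constructed format; raises ValueError if malformed."""
    ts, src, dst, icmp_type, icmp_code, size = line.split()
    return float(ts), src, dst, int(icmp_type), int(icmp_code), int(size)

def detect_type3_code3_floods(lines, window=1.0, alert_mbps=ALERT_MBPS):
    """Return (dst, window_start, mbps, sources) for each window at or above alert_mbps."""
    byte_totals = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        try:
            ts, src, dst, icmp_type, icmp_code, size = parse_record(line)
        except ValueError:
            continue  # skip blank or malformed lines
        if (icmp_type, icmp_code) != (ICMP_TYPE_DEST_UNREACHABLE,
                                      ICMP_CODE_PORT_UNREACHABLE):
            continue  # other ICMP traffic is outside this check
        key = (dst, int(ts // window) * window)  # tumbling window per destination
        byte_totals[key] += size
        sources[key].add(src)
    alerts = []
    for (dst, start), total in sorted(byte_totals.items()):
        mbps = total * 8 / 1_000_000 / window
        if mbps >= alert_mbps:
            alerts.append((dst, start, mbps, sorted(sources[(dst, start)])))
    return alerts

if __name__ == "__main__":
    for dst, start, mbps, srcs in detect_type3_code3_floods(SAMPLE.splitlines()):
        print(f"ALERT dst={dst} window={start} rate={mbps:.1f} Mbps sources={srcs}")
```

In the sample, only the first window crosses the alert level: the echo request and the Type 3 Code 1 record are ignored even though they carry more bytes.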
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street