Isolated attackers with limited resources could take down large servers if those servers are protected by certain firewall solutions from Cisco Systems or other manufacturers.
This type of denial-of-service technique requires data volumes of only 15 Mb, or about 40,000 packets per second, to block the internet connection of vulnerable servers. By comparison, domain provider Dyn, the security site KrebsOnSecurity or the French hosting provider OVH were recently bombarded with volumes exceeding 1 terabit per second.
Researchers from the Danish security company TDC Security Operations Center have named the new attack technique BlackNurse. BlackNurse uses traffic based on the Internet Control Message Protocol (ICMP), which routers and other devices use to send and receive error messages. By sending a special type of ICMP packet, attackers can quickly overload the processors of certain types of firewalls. Once the traffic reaches a threshold of 15-18 Mbps, targeted firewalls drop so many packets that the server behind them is effectively disconnected from the internet. The Danish researchers simulated a BlackNurse attack using a regular laptop.
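A defender can watch for this pattern at the firewall's outside interface. The following is an added example, not code from the article or from TDC: it buckets packet records per second and per destination and flags ICMP error-message rates at or above the figures reported above. The record layout, the addresses and the sample capture are constructed, and because the article does not name the ICMP type, the example counts every ICMP error-class type.

```python
from collections import defaultdict
from typing import NamedTuple

# ICMPv4 error-class types (RFC 1122, section 3.2.2): destination unreachable,
# source quench, redirect, time exceeded, parameter problem.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

class Pkt(NamedTuple):      # hypothetical record layout for this example
    ts: float               # capture time in seconds
    dst: str                # destination IP (the firewall's outside address)
    icmp_type: int
    length: int             # bytes on the wire

def icmp_error_floods(packets, pps_limit=40_000, mbps_limit=15.0):
    """Return (second, dst, pps, mbps) for every one-second bucket whose
    ICMP error traffic reaches either limit. The defaults are the rates
    quoted in the article; tune them down for early warning."""
    buckets = defaultdict(lambda: [0, 0])   # (second, dst) -> [packets, bytes]
    for p in packets:
        if p.icmp_type in ICMP_ERROR_TYPES:
            b = buckets[(int(p.ts), p.dst)]
            b[0] += 1
            b[1] += p.length
    alerts = []
    for (sec, dst), (count, nbytes) in sorted(buckets.items()):
        mbps = nbytes * 8 / 1_000_000
        if count >= pps_limit or mbps >= mbps_limit:
            alerts.append((sec, dst, count, round(mbps, 2)))
    return alerts

def constructed_capture():
    """Constructed sample: ten quiet seconds, then one second at the
    reported rate (40,000 small ICMP error packets)."""
    fw = "192.0.2.1"                                        # documentation address
    pkts = [Pkt(0.1 * i, fw, 8, 84) for i in range(100)]    # echo requests, ignored
    pkts += [Pkt(t, fw, 3, 70) for t in (1.5, 4.2, 7.9)]    # normal stray errors
    pkts += [Pkt(10 + i / 40_000, fw, 3, 47) for i in range(40_000)]
    return pkts

if __name__ == "__main__":
    for sec, dst, pps, mbps in icmp_error_floods(constructed_capture()):
        print(f"t={sec}s dst={dst} icmp-error pps={pps} mbps={mbps}")
```

Because the reported rate is small next to a volumetric flood, bandwidth-based alarms alone can miss it; the per-type packet count is the signal that stands out.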
According to Netresec, which collaborates with TDC Security, the attack is effective against firewalls from Cisco Systems, Palo Alto Networks, SonicWall and Zyxel. The specific models are listed below in this article.
Palo Alto Networks reported that its devices were vulnerable only in specific scenarios that contravene good server administration practices. Cisco said it did not consider the situation a security issue.