New DoS attack vector : Blacknurse
BlackNurse is the name of a recently discovered network attack that can crash firewalls and routers via ICMP type 3 code 3 packets (destination unreachable, port unreachable). It is not the same as a conventional ICMP (type 8 code 0 (echo)) flood attack. Blacknurse has a relative low pps rate, but still manages cause problems to firewalls of some vendors.
It’s unclear why the ICMP Type 3 Code 3 requests overload firewall’s CPU. However, researchers at SANS Internet Storm Center believe it’s tied to firewall logging.
▻http://www.bleepingcomputer.com/news/security/blacknurse-attack-low-volume-ping-packet-traffic-can-shut-down-som
▻http://soc.tdc.dk/blacknurse/blacknurse.pdf
▻https://threatpost.com/blacknurse-low-volume-dos-attack-targets-firewalls/121916
▻http://www.netresec.com/?page=Blog&month=2016-11&post=BlackNurse-Denial-of-Service-Attack
#Blacknurse #DoS #DDoS