The threat of "BlackNurse" threatening to bring down the server on only one laptop

DoS attackWhen trying to bring down the server with Vulnerable Server it is necessary to send volume of about 400,000 packets per second. In the DoS attack that occurred in 2016, the domain name service provider "Dyn" and the security site "Krebs On Security"And the French web host" OVH "are particularly impressive, and it has become a hot topic with attacks exceeding 1 terabit per second that are larger than conventional DoS attacks. Meanwhile, only one attacker with limited resources,Cisco SystemsAnd other large manufacturers protected by firewalls made by manufacturers are attacked until they go offline.

BLACKNURSE it CAN bring you down
http://blacknurse.dk/

New attack reportedly lets 1 modest laptop knock big servers offline | Ars Technica
http://arstechnica.com/security/2016/11/new-attack-reportedly-lets-1-modest-laptop-knock-big-servers-offline/


A security operation center based in DenmarkTDCNewly discovered "how to attack threats that can bring down servers even without resources" and named it "BlackNurse". A researcher at TDC who discovered this BlackNurse said, "The attack (BlackNurse) that our anti-DDoS solution has detected is that the traffic speed is low and the packet volume per second is very light, I am interested in this attack method from this. "

BlackNurse is used by routers and other network devicesInternet control notification protocol(ICMP) based data is used. The mechanism is to send a special ICMP packet to quickly place a burden on the CPU of the server on which a specific type of firewall is installed. By sending packets exceeding the limit of 15 Mbps to 18 Mbps, we can drop the target firewall and disconnect the server from the Internet.

ByTorkild Retvedt

TDC researchers have also discovered a new method of BlackNurse that sends 180 mbps packets on a single notebook PC. TDC "BlackNurse does not require Internet connection to be 1 Gbit / s.The impact of this attack is" high load on CPU "seen in different firewalls.The site is on the Internet It will no longer be able to send and receive traffic, and after all the attacks are done, the firewall will recover, "explains the features of BlackNurse.

According to TDC, 95 attacks using ICMP targeting customers of TDC have been reported in the past two years. Please note that it is not stated that all of these attacks are based on BlackNurse.

According to researchers at security company Netresec, BlackNurse seems to target firewalls made by Cisco Systems, Palo Alto Networks, SonicWall, Zyxel.