Remember the days back in the 90s when you could cripple someones Internet connection simply by issuing a few PING command like “ping -t [target]”? This type of attack was only successful if the victim was on a dial-up modem connection. However, it turns out that a similar form of ICMP flooding can still be used to perform a denial of service attack; even when the victim is on a gigabit network.
Devices verified by TDC to be vulnerable to the BlackNurse attack:
Cisco ASA 5506, 5515, 5525, 5540 (default settings)
Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
Cisco Router 897 (unless rate-limited)
Palo Alto (unless ICMP Flood DoS protection is activated) – See advisory from Palo Alto.
SonicWall (if misconfigured)
Zyxel NWA3560-N (wireless attack from LAN Side)
Zyxel Zywall USG50
Source: BlackNurse Denial of Service Attack – NETRESEC Blog
Robin Edgar
Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft
robin@edgarbv.com
https://www.edgarbv.com