New DDoS attack method can bring down servers and firewalls from a laptop

Researchers have discovered a new method for launching DDoS attacks called BlackNurse that requires less effort and resources than traditional means.

Security researchers have discovered a new distributed denial of service (DDoS) method that requires less effort to launch large-scale attacks that can bring down servers or firewalls from a single laptop.

The new method of launching DDoS attacks called BlackNurse was discovered by researchers at the Security Operations Centre of the Danish telecom operator TDC (TDC SOC). It operates by utilising attacks based on low volume Internet Control Message Protocol (ICMP) to overload firewalls to the point where they shut down.

BlackNurse also specifically targets firewalls made by Cisco, PaloAlto and other companies that are vulnerable to a “ping flood attack” similar to the ones employed during the 1990s.

The researchers at TDC explained why they were drawn to this new method of launching DDoS attacks, saying: “The Black Nurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers' operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place.  We had expected that professional firewall equipment would be able to handle the attack.

“Based on our test, we know that reasonable sized laptop can produce approximately a 180 Mbit/s DDoS attack with these commands.”

Though BlackNurse attacks can be quite effective, it is possible to reduce the severity of these new DDoS attacks. The researchers found that “disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily" which should limit their effectiveness. 

Image Credit: Profit_Image / Shutterstock

ABOUT THE AUTHOR

Anthony currently resides in South Korea where he teaches and experiences Korean technological advances first hand.