Skip to main content

New DDoS attack method can bring down servers and firewalls from a laptop

Security researchers have discovered a new distributed denial of service (DDoS) method that requires less effort to launch large-scale attacks that can bring down servers or firewalls from a single laptop.

The new method of launching DDoS attacks called BlackNurse was discovered by researchers at the Security Operations Centre of the Danish telecom operator TDC (TDC SOC). It operates by utilising attacks based on low volume Internet Control Message Protocol (ICMP) to overload firewalls to the point where they shut down.

BlackNurse also specifically targets firewalls made by Cisco, PaloAlto and other companies that are vulnerable to a “ping flood attack” similar to the ones employed during the 1990s.

The researchers at TDC explained why they were drawn to this new method of launching DDoS attacks, saying: “The Black Nurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers' operations down. This even applied to customers with large internet uplinks and large enterprise firewalls in place.  We had expected that professional firewall equipment would be able to handle the attack.

“Based on our test, we know that reasonable sized laptop can produce approximately a 180 Mbit/s DDoS attack with these commands.”

Though BlackNurse attacks can be quite effective, it is possible to reduce the severity of these new DDoS attacks. The researchers found that “disabling ICMP Type 3 Code 3 on the WAN interface can mitigate the attack quite easily" which should limit their effectiveness. 

Image Credit: Profit_Image / Shutterstock

Anthony Spadafora
After living and working in South Korea for seven years, Anthony now resides in Houston, Texas where he writes about a variety of technology topics for ITProPortal.