BlackNurse

hping3 -1 -C 3 -K 3 -i u20 <target ip> hping3 -1 -C 3 -K 3 --flood <target ip>
Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls.

BlackNurse is based on ICMP with Type 3 Code 3 packets. We know that when a user has allowed ICMP Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly effective even at low bandwidth.

Low bandwidth is in this case around 15-18 Mbit/s. This is to achieve the volume of packets needed which is around 40 to 50K packets per second.

The impact we see on different firewalls is typically high CPU loads. When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the Internet. Firewalls recover when the attack stops.

Be the first to comment

You can use [html][/html], [css][/css], [php][/php] and more to embed the code. Urls are automatically hyperlinked. Line breaks and paragraphs are automatically generated.