Forget hacking IoT devices: researchers have discovered a new denial-of-service (DoS) technique called BlackNurse that can disrupt high-end network hardware with nothing but a single laptop.
A newly discovered denial-of-service method can sabotage high-end network hardware without any extensive equipment: a single laptop is enough to do the job. The technique sharply reduces the infrastructure needed to pull off a wide-scale attack.
Typically, such attacks require big numbers: hundreds of thousands of devices and countless IP addresses collectively bombard a network or server with enormous amounts of data until the service halts and stops functioning. The attacker uses the infected devices to send fake requests to a server so that all of its resources are tied up and the system gives up. Technically, this is called a Distributed Denial of Service (DDoS) attack.
However, a new kind of Denial of Service (DoS) attack does not require so many devices to launch a full-fledged, wide-range attack. The technique, dubbed “BlackNurse”, was discovered by the Danish company TDC, and it does not need a huge army of devices to block a server.
BlackNurse sends a particular Internet Control Message Protocol (ICMP) error message at low volume; processing these messages can overwhelm a firewall’s CPU. Given a reasonably fast internet connection, a single laptop is enough to carry out the attack.
Attackers have previously used the ping flood, a different ICMP attack that bombards servers with heavy traffic.
In its analysis report [PDF], TDC explains how it identified BlackNurse and how the attack works. Some excerpts from the report:
“The BlackNurse attack attracted our attention because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers’ operations down.”
“This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack.”
The report also notes that BlackNurse, despite using a single laptop, is far more efficient than customary DDoS techniques. It is even more effective than the series of large-scale DDoS attacks that took down DynDNS’ servers and security researcher Brian Krebs’ blog.
Netresec, a well-known security firm, states that BlackNurse can disrupt a network with just a fraction of what the attacks above required: only around 21 Mbps is needed to take down a firewall. It also differs in that, with little effort, it inflicts damage similar to that of attacks of up to 1 Tbps. Netresec also identifies the messages BlackNurse uses as ICMP type 3, code 3.
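Because the attack stands out by packet type and rate rather than by bandwidth, a defender can spot it by counting ICMP type 3 code 3 packets per source per second. The detection logic below is an added example, not code from the article, TDC or Netresec; the record format, the two background hosts, the flooding host and the 1000 pps threshold are all constructed for illustration.

```python
from collections import defaultdict

def is_port_unreachable(pkt):
    """ICMP Type 3 Code 3 (Destination Unreachable / Port Unreachable), the
    message type the article identifies as the BlackNurse payload."""
    return pkt["proto"] == "icmp" and pkt["type"] == 3 and pkt["code"] == 3

def per_source_rates(packets, window_s=1.0):
    """Bucket type-3/code-3 packets per source into fixed windows and return
    {src: [(pps, mbps), ...]} so a low-bandwidth, high-rate stream stands out."""
    buckets = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for p in packets:
        if not is_port_unreachable(p):
            continue
        win = int(p["ts"] // window_s)
        buckets[p["src"]][win][0] += 1          # packet count in this window
        buckets[p["src"]][win][1] += p["len"]   # bytes in this window
    return {
        src: [(count / window_s, size * 8 / window_s / 1e6)
              for count, size in wins.values()]
        for src, wins in buckets.items()
    }

def flag_sources(packets, pps_threshold=1000, window_s=1.0):
    """Return {src: (peak_pps, peak_mbps)} for sources exceeding the threshold.
    The 1000 pps default is a constructed example value, not a vendor figure;
    tune it to the normal rate of port-unreachable replies on your own link."""
    flagged = {}
    for src, wins in per_source_rates(packets, window_s).items():
        peak_pps, peak_mbps = max(wins)
        if peak_pps >= pps_threshold:
            flagged[src] = (peak_pps, peak_mbps)
    return flagged

def constructed_capture():
    """Constructed capture (dict per packet, as a flow exporter or pcap parser
    might produce): one host streaming 5000 pps of 64-byte port-unreachable
    messages for two seconds, plus sparse legitimate ICMP from two other hosts."""
    pkts = [{"ts": i / 5000, "src": "198.51.100.7", "proto": "icmp",
             "type": 3, "code": 3, "len": 64} for i in range(10000)]
    for i in range(20):
        pkts.append({"ts": i * 0.1, "src": "203.0.113.5", "proto": "icmp",
                     "type": 3, "code": 3, "len": 64})   # occasional real replies
        pkts.append({"ts": i * 0.1, "src": "203.0.113.9", "proto": "icmp",
                     "type": 8, "code": 0, "len": 84})   # echo requests, ignored
    return pkts

if __name__ == "__main__":
    for src, (pps, mbps) in flag_sources(constructed_capture()).items():
        print(f"{src}: peak {pps:.0f} pps ({mbps:.2f} Mbps) of ICMP type 3 code 3")
```

Note that the flooding host is flagged at only a few megabits per second, well under the roughly 21 Mbps the article cites, which is why a bandwidth-only alarm would miss it.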
Netresec notes that the most vulnerable firewalls are those made by Palo Alto Networks, Cisco, SonicWall and Zyxel. Most of the devices affected by the BlackNurse attack were designed for home or small-business use.