Saturday, November 19, 2016

BlackNurse DDoS attack can ‘overload firewalls from a laptop’



When it comes to launching successful DDoS attacks, bigger should always be better.

It’s a simple equation: more traffic and more devices generating that traffic equals more chance of knocking a server offline.

Now researchers at Danish firm TDC have documented a type of DDoS attack that uses modest traffic volumes to do the same job, possibly controlled from a single laptop.

Dubbed “BlackNurse”, the technique works by targeting specific models of firewall with rogue ICMP Code 3 port unreachable error messages, overloading their CPUs and causing them to start dropping packets.

The volume of traffic mentioned is between 15 and 18 megabits per second (around 40,000 to 50,000 packets per second), which is modest by DDoS standards and puny next to the 1.2 terabits per second that were reportedly aimed at DNS infrastructure firm Dyn during the recent Mirai botnet attack.

In other words, instead of choking the network with lots of packets, BlackNurse overloads one part of a single device, achieving the same result with far less effort.
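A defender-side check for the pattern described above, as an added example that is not from TDC or the original article: it parses IPv4 packets, counts ICMP Type 3 Code 3 (destination unreachable, port unreachable) packets per destination per second, and reports destinations whose rate reaches a threshold. The threshold, the addresses and the capture are constructed assumptions.

```python
import struct
from collections import Counter

ICMP_PROTO = 1
DEST_UNREACH, PORT_UNREACH = 3, 3   # ICMP Type 3, Code 3 (RFC 792)
PPS_THRESHOLD = 10_000              # assumed alert level, below the 40,000 pps cited

def icmp_type_code(packet: bytes):
    """Return (dst_ip, type, code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    dst = ".".join(str(b) for b in packet[16:20])
    return dst, packet[ihl], packet[ihl + 1]

def port_unreachable_rates(capture):
    """Count Type 3 Code 3 packets per (destination, whole second)."""
    rates = Counter()
    for ts, packet in capture:
        parsed = icmp_type_code(packet)
        if parsed and parsed[1:] == (DEST_UNREACH, PORT_UNREACH):
            rates[(parsed[0], int(ts))] += 1
    return rates

def alerts(capture, threshold=PPS_THRESHOLD):
    """Return sorted (dst, second, pps) tuples where the rate reaches the threshold."""
    return sorted((d, s, n) for (d, s), n in port_unreachable_rates(capture).items()
                  if n >= threshold)

def _sample(dst, icmp_type, code, options=b""):
    """Constructed IPv4+ICMP header bytes for the demo (checksums left zero)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options) + 8, 0, 0, 64,
                     ICMP_PROTO, 0, bytes([198, 51, 100, 7]), bytes(map(int, dst.split("."))))
    return ip + options + struct.pack("!BBHI", icmp_type, code, 0, 0)

# Constructed capture: one second of port-unreachable traffic at a firewall, plus noise.
FIREWALL, OTHER = "203.0.113.1", "203.0.113.9"
CAPTURE = [(100.0 + i / 45_000, _sample(FIREWALL, 3, 3)) for i in range(45_000)]
CAPTURE += [(100.5, _sample(OTHER, 3, 3, options=b"\x01" * 4)),   # IP options present
            (100.6, _sample(FIREWALL, 8, 0)),                     # echo request, ignored
            (101.2, _sample(FIREWALL, 3, 1))]                     # host unreachable, ignored

if __name__ == "__main__":
    for dst, second, pps in alerts(CAPTURE):
        print(f"{dst}: {pps} ICMP type 3 code 3 packets in second {second}")
```

On a real network the threshold would be set from the baseline rate of unsolicited port-unreachable messages the firewall normally sees.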

The fact that one person might be able to pull off the attacks is alarming, but why firewalls? Aren’t DDoS attacks normally directed at servers?

Firewalls are security systems that typically sit between the internet and your servers to decide whether an individual connection request to a service should be allowed or not.

If it is (such as an HTTP request to port 80 on your web server), the connection is made. If the packet isn’t permitted, such as an email request to a file server, it is blocked.

In other words, bogging down your firewall has the same effect as bogging down all the web servers behind it, because the packets can’t reach the web servers without going through the firewall first.

As TDC put it:

“When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the Internet.”

BlackNurse reminds us that any infrastructure can be targeted if the attackers have found the right vulnerability.

TDC scanned Danish internet addresses, finding 1.7 million network devices that responded to ICMP pings, which implies a sizeable target count in that country alone.

BlackNurse reminds us that DDoS attackers are constantly probing for new weaknesses, as well as for old ones defenders have simply forgotten about. Sometimes they find joy in unexpected places.

Tuesday, April 17, 2007

Cisco PIX firewall

The Cisco PIX firewall is the dedicated firewall appliance in Cisco's firewall family and holds the top ranking in both market share and performance. The Cisco PIX firewall delivers strong security and, with market-leading performance, has little to no impact on network performance.

The product line enforces secure access between the internal network and the Internet, extranet, or intranet links. Cisco PIX firewalls scale to meet a range of customer requirements and network sizes. The Cisco® Security Agent starter bundle is a low-cost entry point for initial server and desktop deployments within an enterprise, or for small to medium-sized businesses. The CSA-STARTER-K9 bundle, $1882, which is the CSA starter, contains: CiscoWorks VPN/Security Management Solution (VMS) Basic 2.2, the CiscoWorks management center for Cisco Security Agents 4.01, one Cisco Security Agent for servers, and 10 Cisco Security Agents for desktops. As next-generation network security software, Cisco Security Agent provides threat protection for server and desktop computing systems, also known as endpoints.

Cisco Security Agent goes beyond conventional endpoint security solutions such as personal firewalls and host-based IDSs by identifying and preventing malicious behavior before it can occur, thereby removing potential known and unknown security risks that threaten networks and applications. Cisco Security Agent analyzes behavior rather than relying on signature matching, providing robust protection with reduced operational costs.

All Cisco PIX firewall models support integrated IPSec encryption, allowing both site-to-site and remote access VPN, and they run on a hardened operating system that is focused on protecting the security of the device and the networks it protects. In addition to being manageable through the PIX configuration manager, Cisco PIX firewalls can also be centrally managed by the Cisco Secure Policy Manager, which can manage up to 500 PIX firewalls, integrated Cisco software deployments, and site-to-site VPN installations. As a dedicated appliance, the Cisco PIX firewall is easy to install and highly stable. The Cisco PIX firewall series is cost-effective in both price and maintenance, and delivers unmatched security and performance.

Zone Alarm Firewall

Zone Alarm firewall is designed to protect your DSL- or cable-connected PC from hackers. This program includes four interlocking security services: a firewall, an application control, an Internet lock, and Zones. The firewall controls the door to your computer and allows only traffic you understand and initiate. The application control allows you to decide which applications can and cannot use the Internet. The Internet lock blocks Internet traffic while your computer is unattended or while you're not using the Internet, and it can be activated automatically with your computer's screensaver or after a set period of inactivity. Zones monitor all activity on your computer and alert you when a new application attempts to access the Internet. Version 7.0 may include unspecified updates, enhancements, or bug fixes.

Zone Alarm firewall is free for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions).

Barracuda spam firewall

The Barracuda spam firewall is getting updated antispam tools that add e-mail profiling to increase filtering of spam based on sender reputation. The Mountain View, Calif., maker of antispam appliances on Tuesday plans to announce "predictive sender profiling" as its latest technique to fight junk e-mail. The filtering is a more effective way to profile messages and senders on the fly, compared with simply looking up a reputation score in a database that is based on past behavior, said Stephen Pao, vice president of product management at Barracuda. For example, the Barracuda appliances will follow links in e-mail as a web browser would and check the nature of the site before delivering the message to the end user, Pao said. Also, if a sender tries to send too many messages to nonexistent addresses, the connection will be dropped, he said. "Predictive sender profiling" is available at no additional cost to existing Barracuda Networks customers through a software upgrade.