Slash Boxes

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 16 submissions in the queue.
posted by janrinok on Tuesday November 15 2016, @01:54AM   Printer-friendly
from the for-sale:-random-name-generator,-hardly-used dept.

A code artefact in a number of popular firewalls means they can be crashed by a mere crafted ping.

The low-rate "Ping of death" attack, dubbed BlackNurse, affects firewalls from Cisco, SonicWall, Zyxel, and possibly Palo Alto.

Since we don't imagine Switchzilla has started giving away the version of IOS running in its ASA firewalls, Vulture South suspects it arises from a popular open source library. Which means other vulnerable devices could be out there.

Unlike the old-fashioned ping-flood, the attack in question uses ICMP "Type 3, Code 3" (destination unreachable, port unreachable) packets.

In the normal course of events, a host would receive that packet in response to a message it had initiated – but of course, it's trivial to craft that packet and send it to a target.

In devices susceptible to BlackNurse, the operating system gets indigestion trying to process even a relatively low rate of these messages – in the original report from Denmark's TF-CSIRT, gigabit-capable routers could be borked by just 18 Mbps of BlackNurse traffic on their WAN interfaces.

Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1) by nobu_the_bard on Tuesday November 15 2016, @02:30PM

    by nobu_the_bard (6373) on Tuesday November 15 2016, @02:30PM (#426967)

    I took a couple of minutes and looked at the links. I forgot to look for the justification for that silly name. This page explains how to test: []

    People are saying pfSense firewalls aren't affected; I didn't test mine yet. The problem is how the Cisco firewalls and related devices/softwares process these specific packets, causing all resources to be used. Higher powered firewalls are not as easily affected.

    It seems this has been around for awhile but not seen heavy use? It's not really "new" in any case.