A type of denial-of-service attack relevant in the 1990s has resurfaced with surprising potency against modern-day firewalls. Dubbed a BlackNurse attack, the technique leverages a low-volume Internet Control Message Protocol (ICMP)-based attack on vulnerable firewalls made by Cisco, Palo Alto, SonicWall and others, according to researchers.
TDC Security Operations Center, a security firm that published a technical report (PDF) on BlackNurse this week, said the attack is more traditionally called a “ping flood attack.” In this type of assault, traffic volume doesn’t matter as much as the type of packets sent, researchers said.
According to TDC, BlackNurse is based on ICMP Type 3 (Destination Unreachable) Code 3 (Port Unreachable) requests. These are reply packets typically returned to ping sources to indicate that the destination port is “unreachable,” according to researchers.
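For defenders, the packet type described above can be singled out and rate-tracked per source. The following is an added example, not code from TDC's report or any vendor: the function and class names are hypothetical, the threshold and window are assumed values to tune per site, and the sample packets are constructed in memory.

```python
import struct
from collections import defaultdict, deque

ICMP_PROTO = 1
DEST_UNREACH, PORT_UNREACH = 3, 3   # ICMP Type 3, Code 3

def parse_icmp(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 8:
        return None
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl], packet[ihl + 1]

class Type3Code3Monitor:
    """Sliding-window count of Type 3 Code 3 packets per source address."""
    def __init__(self, threshold=100, window=1.0):  # assumed values, not from the report
        self.threshold, self.window = threshold, window
        self.seen = defaultdict(deque)

    def observe(self, ts: float, packet: bytes) -> bool:
        """Record one packet; True when its source exceeds threshold per window."""
        parsed = parse_icmp(packet)
        if parsed is None or parsed[1:] != (DEST_UNREACH, PORT_UNREACH):
            return False                   # other ICMP types are not counted
        q = self.seen[parsed[0]]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()                    # drop timestamps outside the window
        return len(q) > self.threshold

def sample_packet(src: str, icmp_type: int, icmp_code: int) -> bytes:
    """Constructed sample: 20-byte IPv4 header + 8-byte ICMP header, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

if __name__ == "__main__":
    mon = Type3Code3Monitor(threshold=5, window=1.0)
    for i in range(10):
        pkt = sample_packet("198.51.100.7", 3, 3)
        if mon.observe(i * 0.01, pkt):
            print(f"alert: Type 3 Code 3 burst from {parse_icmp(pkt)[0]}")
```

In a real deployment the packets would come from a capture or flow export at the firewall's outside interface rather than from `sample_packet`.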