To launch a denial-of-service attack, you don't always need a huge botnet. Researchers at TDC Security Operations Center have disclosed BlackNurse, a new attack mechanism that can cripple large servers using just one computer (or laptop) with at least 15 Mbps of bandwidth.
One laptop to kill the servers
Unlike other denial-of-service attacks, BlackNurse doesn't require bombarding a server with traffic; instead, the attacker sends a low volume of ICMP packets, which overwhelm the processors on server firewalls made by Cisco, Zyxel, SonicWall, Palo Alto Networks and others. The result? The firewalls end up dropping a huge amount of data, leaving the server behind the device unable to communicate with the internet.
However, the good news is that there are ways to defend against BlackNurse. Researchers at TDC suggest installing software filters to prevent this kind of attack. Firewall makers whose devices allow ICMP packets from outside should also be concerned. For instance, Palo Alto notes that you're safe unless you change its firewall settings and ignore its guidelines for anti-flood protection; its firewall will automatically drop those kinds of requests. Cisco doesn't consider it a security threat, either.
However, the danger hasn't gone away yet. Some businesses need to tweak their settings to let ICMP data in, and not all firewalls are guaranteed to enforce similar rules. BlackNurse is a reminder for all of us that denial-of-service attacks can come in many forms, even from a person using just a laptop at home.
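To make the filtering advice above concrete, the following is an added detection example, not code from TDC or any firewall vendor. It counts ICMP Destination Unreachable / Port Unreachable messages (type 3, code 3, the packet type named in TDC's public BlackNurse report rather than on this page) per source in a sliding window. The log format, addresses, threshold and function names are constructed assumptions.

```python
import re
from collections import defaultdict, deque

# Constructed log format (an assumption, not any real firewall's output):
#   <epoch-seconds> ICMP <src> > <dst> type=<n> code=<n>
LINE_RE = re.compile(r"^(?P<ts>\d+\.\d+) ICMP (?P<src>\S+) > \S+ "
                     r"type=(?P<type>\d+) code=(?P<code>\d+)$")

def find_icmp_floods(lines, icmp_type=3, icmp_code=3, threshold=100, window=1.0):
    """Return {source: peak count} for sources that send more than `threshold`
    matching ICMP packets inside any sliding window of `window` seconds."""
    recent = defaultdict(deque)  # source -> timestamps still inside the window
    peaks = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed or non-ICMP line
        if (int(m["type"]), int(m["code"])) != (icmp_type, icmp_code):
            continue  # other ICMP traffic is out of scope for this check
        ts, q = float(m["ts"]), recent[m["src"]]
        q.append(ts)
        while ts - q[0] >= window:  # expire timestamps older than the window
            q.popleft()
        if len(q) > threshold:
            peaks[m["src"]] = max(peaks.get(m["src"], 0), len(q))
    return peaks

def constructed_sample():
    """Constructed log lines: one noisy source, one quiet source, unrelated pings."""
    dst = "203.0.113.10"
    lines = ["not a log line"]
    for i in range(400):  # 400 type 3 code 3 packets inside one second
        lines.append(f"{1000 + i * 0.0025:.4f} ICMP 198.51.100.7 > {dst} type=3 code=3")
    for i in range(5):    # a handful, as ordinary path errors would produce
        lines.append(f"{1000 + i * 0.2:.4f} ICMP 192.0.2.20 > {dst} type=3 code=3")
    for i in range(300):  # echo requests: different type, ignored here
        lines.append(f"{1000 + i * 0.003:.4f} ICMP 192.0.2.30 > {dst} type=8 code=0")
    return lines

if __name__ == "__main__":
    for src, peak in find_icmp_floods(constructed_sample()).items():
        print(f"ALERT {src}: {peak} ICMP type 3 code 3 packets within 1 s")
```

The threshold of 100 packets per second is chosen only to fit the constructed sample; a real deployment would baseline its own normal rate of these messages before alerting or rate-limiting.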