Tech

All It Takes To Knockout Major Internet Servers Is One Laptop; BlackNurse Protocol [Video]

By

Researchers at the TDC Security Operations Center (SOC) revealed that there is a brand new attack method. It can take down large servers by using just one laptop.

Seems only yesterday when massive systems were attacked by enormous botnets utilizing the-internet-of things as drones to repeatedly attack major service operators. Researchers at the TDC identified the new attack technique as, BlackNurse, and one laptop with at least 15Mbps of bandwidth, according to Endgadget.

The new method sends specially formed Internet Control Message Protocol (ICMP) packets. This new protocol is different from the usual attack method where botnets overwhelm the server with traffic from various sources ultimately leading to a DDoS.

In their continuous analysis of various DDoS attacks, the researchers noticed one attack form based on the ICMP protocol. The attack type is not based on the usual flooding of the internet connection and they decided to call it BlackNurse, reported in their publication here.

According to their findings, BlackNurse is not the same strain that sends out ICMP flood attack that sends out ICMP requests to a target very quickly. They reported that BlackNurse is based on ICMP with Type 3 Code 3 packets. Type 3 is Destination Unreachable; Code 3 is Port Unreachable.

The attack attracted attention because even though there is low packet per second and traffic is running low, BlackNurse can still keep clients operations down. The same goes for clients with large uplinks and with enterprise firewalls to boot.

A survey they made in the Danish IP address space resulted in finding that there were more than 1.7 million devices responding to the ICMP ping which could result in BlackNurse having a high impact at low bandwidths on devices and equipment that has poor ICMP handling capability.

A 'normal' ping attack is based on an ICMP Type 8 Code 0, BlackNurse is ICMP with Type 3 Code 3 packets. When a user allows this type of access to outside interfaces, the BlackNurse attack becomes more effective even at low bandwidth, as low as 15Mbps.

More information about ICMP Types and Codes can be found at https://www.nthelp.com/icmp.html

© 2024 University Herald, All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics