
Nov 15, 2016 05:44 AM EST

Researchers at the TDC Security Operations Center (SOC) have revealed a brand new attack method that can take down large servers using just one laptop.

It seems only yesterday that massive systems were attacked by enormous botnets using Internet of Things devices as drones to repeatedly attack major service operators. Researchers at TDC named the new attack technique BlackNurse, and it needs only one laptop with at least 15Mbps of bandwidth, according to Engadget.

The new method sends specially formed Internet Control Message Protocol (ICMP) packets. This differs from the usual attack method, in which botnets overwhelm the server with traffic from various sources, ultimately leading to a DDoS.

In their continuous analysis of various DDoS attacks, the researchers noticed one attack form based on the ICMP protocol. The attack type is not based on the usual flooding of the internet connection, and they decided to call it BlackNurse, as reported in their publication.

According to their findings, BlackNurse is not the same as an ICMP flood attack, which sends ICMP requests to a target very quickly. They reported that BlackNurse is based on ICMP with Type 3 Code 3 packets. Type 3 is Destination Unreachable; Code 3 is Port Unreachable.

The attack attracted attention because, even though the packet-per-second rate is low and traffic volume is low, BlackNurse can still keep clients' operations down. The same goes for clients with large uplinks and enterprise firewalls.

A survey they made of the Danish IP address space found more than 1.7 million devices responding to ICMP ping, which could result in BlackNurse having a high impact at low bandwidths on devices and equipment that have poor ICMP handling capability.

A 'normal' ping attack is based on ICMP Type 8 Code 0, whereas BlackNurse uses ICMP Type 3 Code 3 packets. When a user allows ICMP Type 3 Code 3 to reach outside interfaces, the BlackNurse attack becomes more effective even at low bandwidth, as low as 15Mbps.

More information about ICMP Types and Codes can be found at https://www.nthelp.com/icmp.html
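
The Type/Code distinction above can be used for monitoring. The following is an added example, not code from TDC's publication or this article: it parses captured IPv4 packets and flags sources that send a sustained rate of ICMP Type 3 Code 3 while ignoring ordinary pings. The function names, the 10 packets-per-second threshold and the sample addresses are assumptions; a workable threshold depends on the network being monitored.

```python
import struct
from collections import Counter

def parse_icmp(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                                   # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4                      # IPv4 header length in bytes
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    if ihl < 20 or packet[9] != 1 or frag_offset or len(packet) < ihl + 2:
        return None                                   # bad IHL, not ICMP, or no ICMP header here
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl], packet[ihl + 1]

def flag_sources(events, threshold_pps):
    """events: iterable of (timestamp_seconds, raw_packet).
    Returns sources exceeding threshold_pps Type 3 Code 3 packets in any one-second bucket."""
    per_second = Counter()
    for ts, pkt in events:
        parsed = parse_icmp(pkt)
        if parsed and parsed[1:] == (3, 3):           # Destination Unreachable / Port Unreachable
            per_second[(parsed[0], int(ts))] += 1
    return sorted({src for (src, _), n in per_second.items() if n > threshold_pps})

def sample_packet(src: str, icmp_type: int, icmp_code: int) -> bytes:
    """Constructed test input: minimal IPv4 + ICMP headers, checksums left as zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes(map(int, src.split("."))), bytes([203, 0, 113, 1]))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

# Constructed capture (documentation address ranges), all within one second:
SAMPLE_EVENTS = (
    [(0.01 * i, sample_packet("198.51.100.7", 3, 3)) for i in range(50)]  # sustained Type 3 Code 3
    + [(0.01 * i, sample_packet("192.0.2.10", 8, 0)) for i in range(50)]  # ordinary pings
    + [(0.2, sample_packet("192.0.2.20", 3, 3)),                          # occasional, legitimate
       (0.7, sample_packet("192.0.2.20", 3, 3))]
)

if __name__ == "__main__":
    print(flag_sources(SAMPLE_EVENTS, threshold_pps=10))
```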
