Whenever there’s talk of a DDoS (distributed denial-of-service) attack, network administrators think of multiple systems flooding a network device from various locations on the internet. However, when it comes to BlackNurse, a new and quite different type of DDoS, a single laptop can launch the attack to bring down the gateway firewall!

Last week the TDC SOC, the Security Operations Center of Denmark Telecom, updated its report describing how BlackNurse, a non-traditional DDoS attack, can harm your network. A normal ping attack is typically based on ICMP Type 8 Code 0, whereas BlackNurse uses ICMP Type 3 Code 3. The attack overloads the firewall CPU, which in turn causes an increase in dropped packets.

Unlike traditional ICMP flood attacks, BlackNurse needs only a low-bandwidth pipe to disrupt the operations of your organization. Whether your uplink speed is 100 Mbps or even 1 Gbps, BlackNurse is effective at bandwidths as low as 15 Mbps.

The typical impact observed on firewalls is high CPU load. In such cases, users on the company’s local network will no longer be able to send or receive traffic to and from the internet, because the firewall is busy processing the heavy load of incoming packets from the attack.
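The following added example, which is not SonicWall's or TDC's code, shows one way to spot this traffic pattern in a capture: it parses raw IPv4 packets, counts ICMP Type 3 Code 3 packets per source per second, and reports sources above a threshold. The threshold value, the documentation-range addresses and the sample packets are constructed assumptions.

```python
import struct
from collections import defaultdict

ICMP_PROTO = 1
BLACKNURSE = (3, 3)  # ICMP Type 3 (Destination Unreachable), Code 3 (Port Unreachable)

def parse_icmp(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    # Reject non-ICMP, malformed headers, and later fragments (no ICMP header present)
    if ihl < 20 or packet[9] != ICMP_PROTO or frag_offset or len(packet) < ihl + 2:
        return None
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl], packet[ihl + 1]

def find_floods(events, threshold_pps):
    """events: (timestamp_seconds, raw_packet) pairs. Returns {src: peak packets/second}."""
    buckets = defaultdict(int)
    for ts, pkt in events:
        parsed = parse_icmp(pkt)
        if parsed and parsed[1:] == BLACKNURSE:
            buckets[(parsed[0], int(ts))] += 1  # one-second buckets per source
    peaks = defaultdict(int)
    for (src, _second), count in buckets.items():
        peaks[src] = max(peaks[src], count)
    return {src: n for src, n in peaks.items() if n > threshold_pps}

def build_packet(src, icmp_type, icmp_code):
    """Constructed in-memory IPv4+ICMP sample (checksums zero; the parser ignores them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

def sample_events():
    """Constructed capture: one Type 3 Code 3 burst, one ping burst, a few normal replies."""
    flood = [(10 + i / 500, build_packet("198.51.100.7", 3, 3)) for i in range(500)]
    pings = [(10 + i / 500, build_packet("203.0.113.9", 8, 0)) for i in range(500)]
    normal = [(10 + i, build_packet("203.0.113.20", 3, 3)) for i in range(5)]
    return flood + pings + normal

if __name__ == "__main__":
    print(find_floods(sample_events(), threshold_pps=100))
```

Tune `threshold_pps` against your own baseline, since a small number of Type 3 Code 3 packets is normal on most networks.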

Now, as a SonicWall firewall owner, the first question that comes to mind is: Am I protected against BlackNurse?

The answer is: YES. All you need to do is make sure “ICMP Flood Protection” is enabled under Firewall Settings in the user interface (see image below). For more information on configuring ICMP Flood Protection, please refer to the SonicOS admin guide.

Screenshot of ICMP Flood Protection screen

According to Akamai’s September 2016 security report, DDoS attacks are on the rise, with a 70 percent increase year over year. The security of our customers is our top priority, and SonicWall takes every measure to protect your network against all threats, DDoS included.

Please stay informed and updated with our SonicWall Threat Research updates here.

Sohrab Hashemi
Sr. Product Manager, SonicOS | SonicWall
Sohrab Hashemi is the Senior Product Manager for SonicOS at SonicWall. Prior to this role, Sohrab was the Senior Engineering Manager at SonicWall, managing test efforts for SonicOS & WXA. Before joining the SonicWall team, Sohrab held engineering positions at Code Green, Blue Coat, Shoretel and 8x8. Sohrab holds an MBA and a Master’s degree in Software Engineering from San Jose State University.
