A single laptop can take down\u00a0high-bandwidth enterprise firewall by using an attack known as BlackNurse, which uses ICMP type 3 (destination unreachable) code 3 (port unreachable) packets. It would take between 40k-50k per second of these\u00a0types of packets to overload the firewall. The bandwidth required to generate this type of attack\u00a0requires only between 15Mbps and 18Mbps.<\/p>\n
The attack causes high CPU loads which causes users from the LAN side to be unable to communicate with the internet. This attack was successfully tested using Cisco ASA firewalls in default settings. Firewalls from Palo Alto Networks, SonicWall, and Zyxel Comm. are also impacted, but only if settings are misconfigured.<\/p>\n
In order to mitigate an attack like this would need ICMP Type 3 Code 3 on the WAN interface to be disabled. Enabling ICMP Flood in the firewall’s DoS protection profile can also mitigate this type of attack.<\/p>\n
Article:\u00a0http:\/\/www.csoonline.com\/article\/3141299\/security\/dos-technique-lets-a-single-laptop-take-down-an-enterprise-firewall.html<\/p>\n","protected":false},"excerpt":{"rendered":"
A single laptop can take down\u00a0high-bandwidth enterprise firewall by using an attack known as BlackNurse, which uses ICMP type 3 (destination unreachable) code 3 (port unreachable) packets. It would take between 40k-50k per second of these\u00a0types of packets to overload the firewall. The bandwidth required to generate this type of attack\u00a0requires only between 15Mbps and […]<\/p>\n","protected":false},"author":14261,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[717225],"tags":[],"class_list":{"0":"post-3973","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-12-it-security","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/3973","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/users\/14261"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/comments?post=3973"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/3973\/revisions"}],"predecessor-version":[{"id":3974,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/3973\/revisions\/3974"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/media?parent=3973"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/categories?post=3973"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/tags?post=3973"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}