
Researchers discovered a new denial of service (DoS) technique that can disrupt high-end network hardware with a single laptop – drastically reducing the amount of infrastructure it takes to pull off such an attack.
Usually, a denial of service attack requires a vast network of hijacked computers that simultaneously flood a target with a high volume of traffic. That kind of attack, technically known as a distributed denial of service, briefly downed the internet switchboard Dyn a few weeks ago, blocking traffic to major sites like Twitter and the New York Times.
The new attack, discovered by Danish firm TDC and dubbed “BlackNurse,” is not based on the volume of traffic.
In BlackNurse, a computer sends a low volume of a specific Internet Control Message Protocol (ICMP) error message that can overwhelm a firewall’s processor. It requires only a single computer with a decent internet connection.
Attackers have used a different type of ICMP attack, known as a ping flood, to swamp servers with traffic in the past.
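Because the traffic volume is low, bandwidth alarms will not catch this pattern; counting ICMP error messages per source will. The Python below is an added example, not taken from TDC's report: it counts every ICMP error type because the article does not name the specific message, and the one-second window and 100-message threshold are assumed values to tune per network.

```python
import struct
from collections import defaultdict, deque

# ICMPv4 types that RFC 1122 classes as error messages (assumption: the page
# does not name the type, so every error type is counted).
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def parse_icmp(packet):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8:
        return None                        # malformed, not ICMP, or truncated
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl], packet[ihl + 1]

def find_error_sources(records, window=1.0, max_errors=100):
    """records: time-ordered (timestamp_seconds, raw_ipv4_bytes) pairs.
    Returns {src: peak ICMP errors in any window} for sources above max_errors."""
    recent, peak = defaultdict(deque), defaultdict(int)
    for ts, raw in records:
        parsed = parse_icmp(raw)
        if parsed is None or parsed[1] not in ICMP_ERROR_TYPES:
            continue
        seen = recent[parsed[0]]
        seen.append(ts)
        while ts - seen[0] >= window:      # drop timestamps outside the window
            seen.popleft()
        peak[parsed[0]] = max(peak[parsed[0]], len(seen))
    return {src: n for src, n in peak.items() if n > max_errors}

def sample_packet(src, icmp_type, icmp_code=0):
    """Constructed input: 20-byte IPv4 header plus 8-byte ICMP header, checksums zeroed."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes(int(o) for o in src.split(".")), bytes([192, 0, 2, 1]))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

def sample_capture():
    """Constructed one-second capture using documentation address ranges."""
    noisy = [(i / 300, sample_packet("198.51.100.7", 3, 1)) for i in range(300)]
    pings = [(i / 1000, sample_packet("203.0.113.9", 8)) for i in range(1000)]
    sparse = [(i / 5, sample_packet("192.0.2.50", 11)) for i in range(5)]
    return sorted(noisy + pings + sparse, key=lambda r: r[0])

if __name__ == "__main__":
    capture = sample_capture()
    print("bytes in capture:", sum(len(raw) for _, raw in capture))
    print("flagged sources:", find_error_sources(capture))
```

In the constructed capture the source sending echo requests produces more packets than the flagged source, yet only the source emitting ICMP errors at a sustained rate is reported.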
“The BlackNurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers' operations down.
“This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack,” wrote TDC in their report.