New 'BlackNurse' denial of service attack discovered

New 'BlackNurse' denial of service attack discovered
© Getty Images

Researchers discovered a new denial of service (DoS) technique that can disrupt high-end network hardware with a single laptop – drastically reducing the amount of infrastructure it takes to pull off such an attack. 

ADVERTISEMENT
Denial of service attacks work by sending bogus requests to a server to tie up enough resources that systems can no longer function correctly.

Usually, that means a vast network of hijacked computers simultaneously floods a target with a high volume of traffic. That attack, technically known as a distributed denial of service, briefly downed the internet switchboard Dyn a few weeks ago, blocking traffic to major sites like Twitter and the New York Times.

The new attack, discovered by Danish firm TDC and dubbed “BlackNurse,” is not based on the volume of  traffic.

In BlackNurse, a computer sends a low volume of a specific Internet Control Message Protocol (ICMP) error message that can overwhelm a firewall’s processor. It only requires a single computer with a decent internet connection

Attackers have used a different type of ICMP attack, known as a ping flood, to swamp servers with traffic in the past. 

“The BlackNurse attack attracted our attention, because in our anti-DDoS solution we experienced that even though traffic speed and packets per second were very low, this attack could keep our customers' operations down.

"This even applied to customers with large internet uplinks and large enterprise firewalls in place. We had expected that professional firewall equipment would be able to handle the attack,” wrote TDC in their report.