BlackNurse DoS Attack – What You Should Know

According to TDC Security Operations Center, a type of denial of service attack relevant more than a decade ago has resurfaced with crippling consequences.

BlackNurse is a low-volume Internet Control Message Protocol (ICMP) flood attack that uses Type 3 Code 3 packets to target vulnerable firewalls. It causes denial of service by overloading the firewall's host CPU. Research indicates that BlackNurse traffic volume is very small, ranging from 15 Mbps to 18 Mbps, a far smaller attack volume than many of the recent record-breaking DDoS attacks that targeted Dyn and OVH in past months.
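Because the traffic volume is too small to trip bandwidth alarms, detection has to key on packet rate for this one ICMP type and code. The following added example (not Corero's or TDC's code) counts Type 3 Code 3 packets per destination per second over raw IPv4 packets; the function names, the constructed sample capture and the `pps_threshold` value are assumptions to be tuned per site.

```python
import struct
from collections import defaultdict

ICMP_PROTO = 1
UNREACHABLE_PORT = (3, 3)  # ICMP Type 3 (Destination Unreachable), Code 3 (Port Unreachable)

def parse_icmp(packet):
    """Return (dst_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # header length varies when IP options are present
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None  # non-first fragment: no ICMP header to inspect
    return ".".join(map(str, packet[16:20])), packet[ihl], packet[ihl + 1]

def flag_targets(records, pps_threshold):
    """records: iterable of (timestamp_seconds, raw_ipv4_bytes).
    Returns {dst_ip: peak_pps} for destinations whose Type 3 Code 3 rate
    exceeded pps_threshold (a site-specific assumption) in any one-second bucket."""
    buckets = defaultdict(int)
    for ts, raw in records:
        parsed = parse_icmp(raw)
        if parsed and parsed[1:] == UNREACHABLE_PORT:
            buckets[(parsed[0], int(ts))] += 1
    peaks = defaultdict(int)
    for (dst, _second), count in buckets.items():
        peaks[dst] = max(peaks[dst], count)
    return {dst: n for dst, n in peaks.items() if n > pps_threshold}

def build_packet(src, dst, icmp_type, icmp_code, options=b""):
    """Constructed sample IPv4 + ICMP packet (checksums left as zero)."""
    ihl_words = 5 + len(options) // 4
    addr = lambda ip: bytes(map(int, ip.split(".")))
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0, ihl_words * 4 + 8,
                         0, 0, 64, ICMP_PROTO, 0, addr(src), addr(dst))
    return header + options + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

def sample_capture():
    """Constructed traffic: a one-second burst of Type 3 Code 3 at one firewall,
    plus benign echo requests and a lone unreachable (with IP options) elsewhere."""
    recs = [(100.0 + i / 500, build_packet("198.51.100.7", "192.0.2.1", 3, 3)) for i in range(500)]
    recs += [(100.5, build_packet("198.51.100.9", "192.0.2.1", 8, 0))] * 3
    recs.append((100.2, build_packet("198.51.100.9", "192.0.2.20", 3, 3, b"\x01" * 4)))
    return recs

if __name__ == "__main__":
    print(flag_targets(sample_capture(), pps_threshold=100))
```

Feed it timestamped packets from a capture on the firewall's outside interface; a destination that appears in the result alongside rising firewall CPU is the pattern described above.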

This sub-saturating DoS technique requires real-time, purpose-built denial of service protection placed at the edge of the network.

Corero has yet to see this attack in the wild; however, Corero's denial of service solution provides automatic protection against ICMP flood attacks, along with zero-day detection and protection for this killer-packet denial of service threat. More information about Corero's protection capabilities against the BlackNurse DoS vector can be found within our security advisory portal.