Remember the days back in the 90s when you could cripple someone's Internet connection simply by issuing a few PING commands like “ping -t [target]”? This type of attack was only successful if the victim was on a dial-up modem connection. However, it turns out that a similar form of ICMP flooding can still be used to perform a denial of service attack, even when the victim is on a gigabit network.

Devices verified by TDC to be vulnerable to the BlackNurse attack:

  • Cisco ASA 5506, 5515, 5525, 5540 (default settings)
  • Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
  • Cisco Router 897 (unless rate-limited)
  • Palo Alto (unless ICMP Flood DoS protection is activated) – See advisory from Palo Alto.
  • SonicWall (if misconfigured)
  • Zyxel NWA3560-N (wireless attack from LAN side)
  • Zyxel Zywall USG50

Source: BlackNurse Denial of Service Attack – NETRESEC Blog