Hi.

Hat jemand Info über:
http://blacknurse.dk/

"BLACKNURSE is a newly discovered attacktype that has a potentially profound impact on companies and public institutions worldwide.
BLACKNURSE is undetectable and works with very little effort.

This is the official site of BLACKNURSE

Release date 10. November 2016 - Release date will not change


We have given vendores more the 4 month to verify this issue. Now it is soon time for you to verify it youself!


We do not encourage anyone to test this on systems they do not own."

VG,
Braz

ohh jaa endlich wieder action :D - könnte aber auch nur ein joke sein. Mal gucken...

Morgen ist es soweit *freu* :D

MFG Boehmer

Worauf freust du dich?

Update:


Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls.
Most ICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood attack.

BlackNurse is based on ICMP with Type 3 Code 3 packets. We know that when a user has allowed ICMP Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly effective even at low bandwidth.

Low bandwidth is in this case around 15-18 Mbit/s. This is to achieve the volume of packets needed which is around 40 to 50K packets per second. It does not matter if you have a 1 Gbit/s Internet connection.

The impact we see on different firewalls is typically high CPU loads. When an attack is ongoing, users from the LAN side will no longer be able to send/receive traffic to/from the Internet. All firewalls we have seen recover when the attack stops.

Please provide us with information on firewalls and routers that are affected by BlackNurse - you can send information toinfo@blacknurse.dk, and we will maintain a list of products on BlackNurse.dk.

The best way to test if your systems are vulnerable, is to allow ICMP on the WAN side of you firewall and do some testing with Hping3. When attacking the outside wan, try to do some internet surfing from the inside and out. In our test we used an Ubuntu installation with Hping3 installed. When testing, you have to be able to reach outbound internet speed of at least 15-18 Mbit/s.

Use Hping3 with one of the following commands:

hping3 -1 -C 3 -K 3 -i u20 <target ip>
hping3 -1 -C 3 -K 3 --flood <target ip>

Based on our test, we know that a reasonable sized laptop can produce approx. a 180 Mbit/s DoS attack with these commands. We have also made tests using a Nexus 6 mobile phone with Nethunter/Kali which only can produce 9.5 Mbit/s and therefore cannot single-handedly perform the BlackNurse attack.

das plus Mirai-Botnet = GG WP

---> http://thehackernews.com/2016/11/dos-attack-server-firewall.html