Low-Bandwidth “BlackNurse” DDoS Attacks Leading Firewalls Interruption


Computer security researchers have very clearly stated that the low-bandwidth BlackNurse DDoS Attack do includes potential of causing serious disruptions in the operations of enterprise firewalls utilized by individual users and big companies.

The BlackNurse Attack Proven Highly Dangerous

Researches have claimed ‘BlackNurse DDoS Attack’ a severe attack that has targeted number of PC users. Among all those danish Telecom operatior TDC attack was labeled as one of the most notable attack. This malware has been labeled as a low bandwidth type as it do have capacity of leading severe disruptions via launching specific ICMP attacks (i.e., also known as ping attacks). This attacks usually causes floods issue.

BlackNurse has been reported utilizing ICMP Type 3 Code 3 Packets instead of the traditional Type 8 Code 0 packets. It is basically a non-standard approach that has materialize of being highly efficient at comparatively low bandwidth speeds such as 15-18 Mbps. It’s this effect is the actual reason liable behind the issue of evolving firewall troubles even on the targets comprising high speed Internet access of 1 Gbps.

BlackNurse leads to high CPU load issue on the firewall. This ultimately results in the generation of network issues for both users on the internal network as well as in the outside world (i.e., the Internet). The aforementioned trouble have been notified to get stopped after the completion of the attack.

Researches have proven that a small number of Internet connections along with a low uplink speed are capable of maintaining the BlackNurse DDoS Attack against a enormous set of companies or organizations.

A deep of the Danish IP address has disclosed that there are around over 1.7 million devices that do includes capability of responding such ICMP ping packets. This states that a large BlackNurse may lead to the severe damage on them. According to security analysts the main reason reasonable behind such disruption is the unawareness of the organizations about the risk. Additionally not defending on time is also one of the most crucial cause liable behind this attack.


BlackNurse have been reported compatible with a wide range of devices including SonicWall, Cisco ASA series, Palo Alto Networks etc.

The list of devices compatible to the disruption of BlackNurse is mentioned below :

This malware has been notified not affecting the iptablets utility for Gnu/Linux propagations, OpenBSD and MikroTIK systems.

Now though all the above mentioned devices get easily infected with BlackNurse DDoS Attack but still among all of them the Cisco ASA firewall 55xx series have been reported the most vulnerable to such attacks. These device can suffer to the attack even in a case if all the ICMP traffic gets deactivated.

More Information About BlackNurse

Security experts have created a specialized website for the main purpose of studying the threat and providing detailed information about it. Along with this the authors of the website who operate it have created a way enabling network administrators in order to check if they are vulnerable to BlackNurse DDoS.

Leave a Comment

Your email address will not be published. Required fields are marked *

Skip to toolbar