Interesting and yet so obvious.

Researchers at the Danish telecom operator TDC identified an interesting trend where certain types of Distributed Denial of Service (DDoS) attacks were much more successful than others.

The key? Taking advantage of a misconfigured firewall that accepts a certain type of traffic and must then interpret and process it.

Affecting Cisco ASA, Palo Alto, SonicWall, and Zyxel firewalls, the vulnerability has a pretty easy fix: configure your firewall properly!

How do you do that? Do not allow ICMP traffic on external interfaces. Specifically, ICMP Type 3 packets are identified as the culprit and should be blocked on the WAN interface of any of those devices. According to Cisco, IPsec and PPTP functions should be checked afterward.
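To check whether ICMP Type 3 is reaching a WAN interface in volume, before and after the block is applied, a packet capture can be tallied per destination per second. This is an added example, not code from the original post; the function names, the threshold of 50 packets per second, and the sample packets (documentation addresses, invented timestamps) are assumptions constructed for illustration.

```python
import socket
import struct
from collections import Counter

DEST_UNREACHABLE = 3  # ICMP Type 3, the type the post says to block on the WAN side

def parse_icmp(packet: bytes):
    """Return (src, dst, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IP options move the ICMP header, so honour IHL
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 2:
        return None               # malformed header, not ICMP, or truncated
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None               # non-first fragment carries no ICMP header
    return (socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20]),
            packet[ihl], packet[ihl + 1])

def type3_bursts(capture, threshold):
    """capture: iterable of (timestamp_seconds, raw_ipv4_bytes).
    Returns {(dst, second): count} where Type 3 packets to dst exceed threshold."""
    per_second = Counter()
    for ts, raw in capture:
        parsed = parse_icmp(raw)
        if parsed and parsed[2] == DEST_UNREACHABLE:
            per_second[(parsed[1], int(ts))] += 1
    return {key: n for key, n in per_second.items() if n > threshold}

def sample_packet(src, dst, icmp_type, icmp_code, proto=1):
    """Build in-memory test bytes only (hypothetical helper; checksums left at zero)."""
    payload = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload

# Constructed sample capture: not real traffic.
WAN_IP = "203.0.113.10"
SAMPLE = [(100.0 + i / 100, sample_packet("198.51.100.7", WAN_IP, 3, 1)) for i in range(60)]
SAMPLE += [(100.5, sample_packet("198.51.100.9", WAN_IP, 8, 0)),            # echo request
           (101.2, sample_packet("198.51.100.9", WAN_IP, 3, 0)),            # lone Type 3
           (101.3, sample_packet("198.51.100.9", WAN_IP, 3, 0, proto=17))]  # UDP, skipped

if __name__ == "__main__":
    for (dst, sec), n in type3_bursts(SAMPLE, threshold=50).items():
        print(f"{dst}: {n} ICMP Type 3 packets in second {sec}")
```

Once Type 3 is denied on the WAN interface, the same tally run on a capture taken behind the firewall should come back empty.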

I love the code name BlackNurse. I’m not sure where it comes from.
