
The BlackNurse Attack [pdf] - aestetix
http://soc.tdc.dk/blacknurse/blacknurse.pdf
======
sounds
ICMP type 3 code 3:

"Destination unreachable: port unreachable."

This paper notes that many pro-grade routers will fail under a DoS attack of
these packets at only 15-18 Mbit/s (40K to 50K packets/sec). You can test from
the WAN side, i.e. set up a laptop inside the company and generate this kind
of DoS attack, and see if the router fails. The paper even includes sample
commands for an Ubuntu installation while describing how to test from inside.
It appears average users / infected hosts could DoS the router from inside the
company!

It's probably because the packet is being processed by the host CPU in the
router and not the switching fabric, and lacks proper rate limiting / DoS
mitigation. In other words, it's a bug in most major routers, but fixable.
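
For the detection side of the comment above, here is an added example (not part of the original comment or the paper): it parses raw IPv4 packets and flags any source that sends more ICMP type 3 code 3 packets in one second than a threshold allows. The function names, sample addresses and the threshold of 100 are assumptions for illustration; a real threshold would be set well below the 40K to 50K packets/sec figure quoted above.

```python
import socket
import struct
from collections import Counter

ICMP_PROTO, DEST_UNREACH, PORT_UNREACH = 1, 3, 3

def parse_icmp(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4            # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None                          # later fragment: no ICMP header here
    return socket.inet_ntoa(packet[12:16]), packet[ihl], packet[ihl + 1]

def detect_flood(records, pps_threshold):
    """records: iterable of (timestamp_seconds, raw_ipv4_bytes).
    Returns sorted (second, src_ip, count) where one source sent more than
    pps_threshold ICMP type 3 code 3 packets within that one-second bucket."""
    buckets = Counter()
    for ts, raw in records:
        parsed = parse_icmp(raw)
        if parsed and parsed[1:] == (DEST_UNREACH, PORT_UNREACH):
            buckets[(int(ts), parsed[0])] += 1
    return sorted((sec, src, n) for (sec, src), n in buckets.items()
                  if n > pps_threshold)

def build_icmp(src, dst, icmp_type, icmp_code):
    """Constructed sample packet (checksums left zero; the parser ignores them)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

def sample_capture():
    """Constructed capture: one noisy source, one normal source, some pings."""
    noisy = build_icmp("198.51.100.7", "192.0.2.1", 3, 3)
    quiet = build_icmp("198.51.100.9", "192.0.2.1", 3, 3)
    ping = build_icmp("198.51.100.7", "192.0.2.1", 8, 0)
    recs = [(10 + i / 1000, noisy) for i in range(500)]   # 500 in second 10
    recs += [(10.5, quiet), (11.2, quiet)]
    recs += [(10 + i / 100, ping) for i in range(50)]     # echo requests, ignored
    return recs

if __name__ == "__main__":
    for sec, src, n in detect_flood(sample_capture(), pps_threshold=100):
        print(f"t={sec}s src={src} type3/code3 count={n}")
```

The same per-source, per-second counting is what a rate limit on the router's control plane would enforce; here it only reports.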

