Hacker News new | past | comments | ask | show | jobs | submit login
The BlackNurse Attack [pdf] (tdc.dk)
5 points by aestetix on Nov 11, 2016 | hide | past | favorite | 1 comment

ICMP type 3 code 3:

"Destination unreachable: port unreachable."

This paper notes that many pro grade routers will fail under a DoS attack of these packets at only 15-18 Mbit/s (40K to 50K packets/sec). You can test from the WAN side, i.e. set up a laptop inside the company and generate this kind of DoS attack, and see if the router fails. The paper even includes sample commands for a Ubuntu installation while describing how to test from inside. It appears average users / infected hosts could DoS the router from inside the company!

It's probably because the packet is being processed by the host CPU in the router and not the switching fabric, and lacks proper rate limiting / DoS mitigation. In other words, it's a bug in most major routers, but fixable.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact