Can't find what you need?


• Ask the Community
• Create a Case
Reset Search
 

 

Article

What is Blacknurse and how to prevent it?

« Go Back

Information

 
TitleWhat is Blacknurse and how to prevent it?
Question
What is Blacknurse and how to prevent it?
Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service (DoS) to well known firewalls and any network devices
Detail information for Blacknurse can be found in the following web site:
http://blacknurse.dk/
Environment
  • All EXOS switches
Answer

To prevent Denial of service attrack in the EXOS switches, DoS Protection should be used.

DoS Protection is designed to help prevent this degraded performance by attempting to characterize the problem and filter out the offending traffic so that other functions can continue. When a flood of CPU bound packets reach the switch, DoS Protection will count these packets. When the packet count nears the alert threshold, packets headers will be saved. If the threshold is reached, then these headers are analyzed, and a hardware access control list (ACL) is created to limit the flow of these packets to the CPU. This ACL will remain in place to provide relief to the CPU. Periodically, the ACL will expire, and if the attack is still occurring, it will be re-enabled. With the ACL in place, the CPU will have the cycles to process legitimate traffic and continue other services.
Additional notes

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255