Reset Search



ACL to Protect againt BlackNurse Virus

« Go Back


TitleACL to Protect againt BlackNurse Virus
  • BlackNurse is a form of ICMP flood attack which may cause denial of service.
  • A properly configured next generation firewall is protected against BlackNurse attack.
  • NI 5.6.00G
Blacknurse is a low bandwidth ICMP attack that is capable of doing denial of service to well known firewalls.
Most ICMP attacks that we see are based on ICMP Type 8 Code 0 also called a ping flood attack.
The attack impact on firewall is typically high CPU loads.
BlackNurse is based on ICMP with Type 3 Code 3 packets.
We know that when a user has allowed ICMP Type 3 Code 3 to outside interfaces, the BlackNurse attack becomes highly effective even at low bandwidth.
BlackNurse is based on ICMP with Type 3 Code 3 packets.

Type 3 Code 3 packets are "port-unreachable " in ACL.
access-list 101 deny icmp any any port-unreachable
int ve 100
ip access-group 101 in
ip access-group 101 out

In case of an ongoing attack and if the firewall is not properly configured, there will be a spike in CPU load and users from the LAN side may no longer be able to send/receive traffic to/from the Internet.

For best protection, it is recommended that user enable ICMP Flood Protection in Firewall Settings.
Additional notes
Apply ICMP Protection on the firewall.



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255