Resilence of network stateful firewalls against emerging DoS attacks: A case study of the blacknurse attack

Zouheir Trabelsi, Safaa Zeidan

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

Traditional Distributed Denial of Service (DDoS) attacks usually flood target network servers with malicious traffic. This would generally require a set of attack hosts and large network traffic volume to be able to crash or degrade the performance of target servers causing service disruptions. Recently, new types of DDoS attacks have emerged and target specifically network security devices, mainly firewalls and intrusion prevention systems (IPS). In contrast to traditional DDoS attacks, these emerging attacks use low volume of malicious traffic. This paper is concerned solely with an emerging denial of firewalling attack, called the BlackNurse attack. This new attack uses special formatted ICMP packets to overwhelm the CPUs on targeted firewalls. This paper offers detailed insights into the understanding of the BlackNurse attack principles, practical attack generation, and its general effect on impacted firewalls and the network behind them. Performance evaluations are conducted on commercial grade Juniper NetScreen SSG 20 and Cisco ASA 5540 firewalls to measure the harmfulness of the BlackNurse attack when subjected to each of them. In addition, available attack mitigations pros and cons are discussed. OS screening features on Juniper NetScreen SSG 20 are used, as example, to test their effectiveness in thwarting the attack.

Original languageEnglish
Title of host publication16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019
PublisherIEEE Computer Society
ISBN (Electronic)9781728150529
DOIs
Publication statusPublished - Nov 2019
Event16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019 - Abu Dhabi, United Arab Emirates
Duration: Nov 3 2019Nov 7 2019

Publication series

NameProceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
Volume2019-November
ISSN (Print)2161-5322
ISSN (Electronic)2161-5330

Conference

Conference16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019
Country/TerritoryUnited Arab Emirates
CityAbu Dhabi
Period11/3/1911/7/19

Keywords

  • BlackNurse attack
  • Session table ICMP error messages
  • Stateful firewall

ASJC Scopus subject areas

  • Computer Networks and Communications
  • Computer Science Applications
  • Hardware and Architecture
  • Signal Processing
  • Control and Systems Engineering
  • Electrical and Electronic Engineering

Fingerprint

Dive into the research topics of 'Resilence of network stateful firewalls against emerging DoS attacks: A case study of the blacknurse attack'. Together they form a unique fingerprint.

Cite this