Denial of Firewalling Attacks (DoF): The Case Study of the Emerging BlackNurse Attack

Zouheir Trabelsi, Safaa Zeidan, Kadhim Hayawi

Research output: Contribution to journal › Article › peer-review

11 Citations (Scopus)

Abstract

Traditional Distributed Denial of Service (DDoS) attacks usually flood network targets with malicious traffic. Recently, new types of DDoS attacks have emerged that specifically target network security devices, mainly firewalls and intrusion prevention systems (IPS). In contrast to traditional DDoS attacks, these emerging attacks use a low volume of malicious traffic. This paper is concerned solely with an emerging denial of firewalling (DoF) attack called the BlackNurse attack. The attack uses specially formatted ICMP error messages to overwhelm targeted firewalls' CPUs. This paper offers detailed insights into DoF attacks and classifies them according to the targeted firewall resources, traffic volume, and attack effect. This paper also concentrates on the BlackNurse attack principles, practical attack generation, and its general effect on impacted firewalls and networks. The performance evaluations are conducted on commercial-grade firewalls, namely the Juniper NetScreen SSG 20 and Cisco ASA 5540. The pros and cons of the available attack mitigations are discussed. OS screening features on the Juniper NetScreen SSG 20 are used, as an example, to test their effectiveness in thwarting the attack. Furthermore, this paper proposes a novel mechanism to defend against the BlackNurse attack using an early rejection rule with a dynamic activity time duration that depends on current and previous attack statistics and severity parameters. The evaluation simulates the proposed mechanism's defense against novice and expert BlackNurse attackers.

Original language: English
Article number: 8710298
Pages (from-to): 61596-61609
Number of pages: 14
Journal: IEEE Access
Volume: 7
Publication status: Published - 2019

Keywords

  • BlackNurse attack
  • DDoS attack
  • DoF attack
  • session table ICMP error messages
  • stateful firewall

ASJC Scopus subject areas

  • General Computer Science
  • General Materials Science
  • General Engineering
