TY - GEN
T1 - Resilence of network stateful firewalls against emerging DoS attacks
T2 - 16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019
AU - Trabelsi, Zouheir
AU - Zeidan, Safaa
N1 - Publisher Copyright: © 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - Traditional Distributed Denial of Service (DDoS) attacks usually flood target network servers with malicious traffic. This generally requires a set of attack hosts and a large volume of network traffic to crash or degrade the performance of target servers, causing service disruptions. Recently, new types of DDoS attacks have emerged that specifically target network security devices, mainly firewalls and intrusion prevention systems (IPS). In contrast to traditional DDoS attacks, these emerging attacks use a low volume of malicious traffic. This paper is concerned solely with an emerging denial of firewalling attack, called the BlackNurse attack. This new attack uses specially formatted ICMP packets to overwhelm the CPUs on targeted firewalls. This paper offers detailed insights into the BlackNurse attack principles, practical attack generation, and its general effect on impacted firewalls and the network behind them. Performance evaluations are conducted on commercial-grade Juniper NetScreen SSG 20 and Cisco ASA 5540 firewalls to measure the harmfulness of the BlackNurse attack against each of them. In addition, the pros and cons of available attack mitigations are discussed. OS screening features on the Juniper NetScreen SSG 20 are used, as an example, to test their effectiveness in thwarting the attack.
KW - BlackNurse attack
KW - Session table ICMP error messages
KW - Stateful firewall
UR - http://www.scopus.com/inward/record.url?scp=85082683807&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85082683807&partnerID=8YFLogxK
U2 - 10.1109/AICCSA47632.2019.9035323
DO - 10.1109/AICCSA47632.2019.9035323
M3 - Conference contribution
AN - SCOPUS:85082683807
T3 - Proceedings of IEEE/ACS International Conference on Computer Systems and Applications, AICCSA
BT - 16th ACS/IEEE International Conference on Computer Systems and Applications, AICCSA 2019
PB - IEEE Computer Society
Y2 - 3 November 2019 through 7 November 2019
ER -