[The Register] Firewalls snuffed by 'BlackNurse' Ping of Death attack

The_Librarian

A code artefact in a number of popular firewalls means they can be crashed by a mere crafted ping.

The low-rate “Ping of death” attack, dubbed BlackNurse, affects firewalls from Cisco, SonicWall, Zyxel, and possibly Palo Alto.

Since we don't imagine Switchzilla has started giving away the version of IOS running in its ASA firewalls, Vulture South suspects it arises from a popular open source library. Which means other vulnerable devices could be out there.

Unlike the old-fashioned ping-flood, the attack in question uses ICMP “Type 3, Code 3” (destination unreachable, port unreachable) packets.

Rest of the article is here: http://www.theregister.co.uk/2016/11/14/its_2016_and_a_ping_of_death_can_still_be_a_thing/
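
For anyone who wants to watch for this traffic on their own perimeter, here is a detection sketch that counts ICMP Type 3, Code 3 packets per source per second. It is an added example, not code from the article or from anyone in this thread. The function names, the sample packets and the 20 packets-per-second threshold are assumptions made for illustration; the quoted text gives no rate.

```python
import struct
from collections import Counter

ICMP_PROTO = 1
DEST_UNREACH, PORT_UNREACH = 3, 3  # ICMP "Type 3, Code 3" as named in the article

def icmp_type_code(packet: bytes):
    """Return (src_ip, icmp_type, icmp_code) for an IPv4 ICMP packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != ICMP_PROTO or len(packet) < ihl + 2:
        return None
    # Non-first fragments carry no ICMP header, so skip them.
    if struct.unpack("!H", packet[6:8])[0] & 0x1FFF:
        return None
    src = ".".join(str(b) for b in packet[12:16])
    return src, packet[ihl], packet[ihl + 1]

def flag_sources(records, threshold_pps):
    """records: iterable of (timestamp_seconds, raw_ipv4_packet).
    Returns {src_ip: peak packets/second} for sources whose Type 3 Code 3
    count exceeds threshold_pps in any one-second bucket."""
    buckets = Counter()
    for ts, pkt in records:
        parsed = icmp_type_code(pkt)
        if parsed and parsed[1:] == (DEST_UNREACH, PORT_UNREACH):
            buckets[(parsed[0], int(ts))] += 1
    peaks = {}
    for (src, _), count in buckets.items():
        if count > threshold_pps:
            peaks[src] = max(peaks.get(src, 0), count)
    return peaks

def build_packet(src, icmp_type, icmp_code):
    """Constructed sample: 20-byte IPv4 header plus 8-byte ICMP header, checksums zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, ICMP_PROTO, 0,
                     bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

# Constructed capture (documentation address ranges): one source sending a burst
# of Type 3 Code 3, another sending ordinary echo requests and a single unreachable.
SAMPLE = [(100.0 + i / 50, build_packet("198.51.100.7", 3, 3)) for i in range(40)]
SAMPLE += [(100.0 + i / 10, build_packet("203.0.113.9", 8, 0)) for i in range(10)]
SAMPLE += [(100.5, build_packet("203.0.113.9", 3, 3))]

if __name__ == "__main__":
    print(flag_sources(SAMPLE, threshold_pps=20))  # threshold is an assumed value
```

Feed it (timestamp, raw IPv4 packet) pairs from whatever capture tooling you already use, and tune the threshold against what your firewall normally sees.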
 

DrJohnZoidberg

NOT AFFECTED:
Iptables (Netfilter! - thx Martin ;-)) (even with 480 Mbit/sek)
mikrotik CCR1036-12G-4S firmware: 3.27 (250 Mbit/sek) and no problem
OpenBSD 6.0 and current
Windows Firewalls
pfSense

pfSense ftw! :D
 

The_Librarian

Pity Windows Firewalls aren't affected, could've had some good fun :D
 