Intrusion Prevention

BlackNurse.ICMP.Type.3.Code.3.Flood.DoS

Description

This indicates an attempt to exploit the BlackNurse Denial of Service vulnerability in various products.
The vulnerability is due to improper handling of ICMP type 3 code 3 requests. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system. The signature triggers on 250 ICMP requests within 1 second. Customers should adjust the rate to suit their needs.
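
The rate check described above can be reproduced offline against captured traffic. The following is an added example, not the vendor's signature logic: it assumes packets are already parsed into time-ordered tuples, counts per destination address (an assumption, since the page does not say how the signature groups packets), and uses constructed sample traffic.

```python
from collections import defaultdict, deque

ICMP_TYPE_DEST_UNREACHABLE = 3  # ICMP type 3
ICMP_CODE_PORT_UNREACHABLE = 3  # code 3

def detect_flood(packets, threshold=250, window=1.0):
    """Return {dst: time of first alert} for destinations that receive
    `threshold` or more ICMP type 3 code 3 packets within `window` seconds.
    `packets` is a time-ordered iterable of (ts, src, dst, icmp_type, icmp_code).
    Grouping by destination is an assumption of this example."""
    recent = defaultdict(deque)  # dst -> timestamps still inside the window
    alerts = {}
    for ts, _src, dst, icmp_type, icmp_code in packets:
        if (icmp_type, icmp_code) != (ICMP_TYPE_DEST_UNREACHABLE,
                                      ICMP_CODE_PORT_UNREACHABLE):
            continue  # other ICMP traffic does not count toward the rate
        queue = recent[dst]
        queue.append(ts)
        while ts - queue[0] >= window:  # expire entries older than the window
            queue.popleft()
        if len(queue) >= threshold and dst not in alerts:
            alerts[dst] = ts
    return alerts

def sample_packets():
    """Constructed traffic using documentation address ranges."""
    pkts = []
    # 300 type 3 code 3 packets in one second: above the default threshold
    pkts += [(i / 300, "198.51.100.7", "192.0.2.1", 3, 3) for i in range(300)]
    # 100 type 3 code 3 packets in one second: normal background level
    pkts += [(i / 100, "198.51.100.8", "192.0.2.2", 3, 3) for i in range(100)]
    # 500 echo requests (type 8 code 0): high rate, but not type 3 code 3
    pkts += [(i / 500, "198.51.100.9", "192.0.2.3", 8, 0) for i in range(500)]
    return sorted(pkts)

if __name__ == "__main__":
    for dst, ts in detect_flood(sample_packets()).items():
        print(f"ALERT dst={dst} first exceeded threshold at t={ts:.3f}s")
```

Lowering `threshold` shows the effect of tuning the rate: at 100 packets per second the background traffic to 192.0.2.2 also alerts.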

Affected Products

Cisco ASA 5515, 5525 (default settings)
Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
SonicWall

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

We are currently unaware of any vendor-supplied patch or update for this issue.

Other References

http://www.blacknurse.dk/