BlackNurse.ICMP.Type.3.Code.3.Flood.DoS

description-logoDescription

This indicates an attempt to exploit the BlackNurse Denial Of Service vulnerability in various products.
The vulnerability is due to improper handling of ICMP type 3 code 3 requests. A remote attacker may be able to exploit this to cause a denial of service condition on the affected system. The signature detects for 250 ICMP requests within 1 second. Customers should adjust the rate to suit their needs.

affected-products-logoAffected Products

Cisco ASA 5515, 5525 (default settings)
Cisco ASA 5550 (Legacy) and 5515-X (latest generation)
SonicWall

Impact logoImpact

Denial of Service: Remote attackers can crash vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are unaware of any vendor supplied patch or updates available for this issue.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)