{"id":1099,"date":"2016-11-16T04:18:46","date_gmt":"2016-11-16T04:18:46","guid":{"rendered":"http:\/\/mojtabanow.info\/web\/?p=1099"},"modified":"2016-11-16T04:18:46","modified_gmt":"2016-11-16T04:18:46","slug":"%d9%87%d8%ac%d9%88%d9%85-blacknurse-%d9%8a%d9%87%d8%af%d8%af-%d8%a7%d9%84%d9%85%d9%84%d8%a7%d9%8a%d9%8a%d9%86","status":"publish","type":"post","link":"https:\/\/qdatabyte.com\/?p=1099","title":{"rendered":"\u0647\u062c\u0648\u0645 Blacknurse \u064a\u0647\u062f\u062f \u0627\u0644\u0645\u0644\u0627\u064a\u064a\u0646"},"content":{"rendered":"

\u064a\u0628\u062f\u0648 \u0627\u0646 \u0627\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0633\u064a\u0643\u0648\u0646 \u0647\u0627\u062c\u0633\u0627\u064b \u0628\u062f\u0627 \u0645\u0646 \u0627\u0644\u0627\u0646 \u0648\u0645\u0646 \u0627\u0645\u0633 \u0648\u0644\u064a\u0633 \u0643\u0645\u0627 \u062a\u0648\u0642\u0639 \u0627\u0644\u0643\u062b\u064a\u0631\u0648\u0646 \u0641\u064a \u0627\u0644\u0645\u0633\u062a\u0642\u0628\u0644 \u0627\u0644\u0642\u0631\u064a\u0628.<\/p>\n

\u0641\u0627\u0633\u0644\u0648\u0628 \u0647\u062c\u0648\u0645 blacknurse \u064a\u0633\u0628\u0628 \u0627\u0644\u0641\u0635\u0644 \u0639\u0646 \u0627\u0644\u062e\u062f\u0645\u0629 denial of service DOS\u00a0 \u0644\u0627\u062c\u0647\u0632\u0629 \u0627\u0644 Firewall \u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 ICMP type3 \u0648\u0647\u0630\u0627 \u0627\u0633\u0644\u0648\u0628 \u063a\u064a\u0631 \u0645\u0639\u062a\u0627\u062f \u0644\u0627\u0646\u0647 \u0639\u0627\u062f\u0629 \u0645\u0627\u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 ICMP Type 8 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0646\u0648\u0639 \u0645\u0646 \u0627\u0644\u0647\u062c\u0648\u0645 \u0645\u0645\u0627 \u064a\u062c\u0639\u0644\u0647 \u0645\u0624\u062b\u0631 \u062c\u062f\u0627 , \u0641\u0627\u0630\u0627 \u0633\u0645\u062d \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 ICMP type3 \u0639\u0644\u0649 \u0645\u0646\u0641\u0630 \u062e\u0627\u0631\u062c\u0649 \u0641\u0627\u0646 \u0627\u0644\u0647\u062c\u0648\u0645 \u064a\u0635\u0628\u062d \u0641\u0639\u0627\u0644 \u062c\u062f\u0627 , \u0648\u064a\u0639\u0645\u0644 \u0627\u0644\u0647\u062c\u0648\u0645 \u0639\u0644\u0649 \u0628\u0627\u0646\u062f\u0648\u062f\u062b \u0645\u0646\u062e\u0641\u0636\u0647 \u0627\u0649 \u0627\u0646\u0647 \u0644\u0627\u064a\u062d\u062a\u0627\u062c \u0644\u0633\u0631\u0639\u0629 \u0627\u0646\u062a\u0631\u0646\u062a \u0639\u0627\u0644\u064a\u0629 \u062c\u062f\u0627\u00a0 \u0641\u062a\u0639\u062a\u0628\u0631 15Mb \u0643\u0627\u0641\u064a\u0629 \u062c\u062f\u0627 \u0644\u064a\u062a\u0645 \u0627\u0631\u0633\u0627\u0644 50 \u0627\u0644\u0641\u00a0 packets \u0641\u064a \u0627\u0644\u062b\u0627\u0646\u064a\u0629 \u0627\u0644\u0648\u0627\u062d\u062f\u0647 \u0648\u0647\u0630\u0627 \u0639\u0627\u062f\u0629 \u0644\u0627\u064a\u0645\u062b\u0644 \u0645\u0634\u0643\u0644\u0647 \u0627\u0630\u0627 \u0643\u0646\u062a \u062a\u0633\u062a\u062e\u062f\u0645 \u0645\u0646\u0641\u0630 Ethernet \u0628\u0633\u0631\u0639\u0629 1GB \u062a\u0643\u0645\u0646 \u0627\u0644\u0645\u0634\u0643\u0644\u0629 \u0641\u064a \u0627\u0646 \u0627\u0644\u0647\u062c\u0648\u0645 \u064a\u0634\u063a\u0644 \u0627\u0644\u0645\u0639\u0627\u0644\u062c \u062c\u062f\u0627 \u0644\u062f\u0631\u062c\u0629 \u0627\u0646 \u0627\u0644\u0645\u0633\u062a\u062e\u062f\u0645 \u0627\u0644\u0639\u0627\u062f\u0649 \u0644\u0646 \u064a\u0633\u062a\u0637\u064a\u0639 \u0627\u0631\u0633\u0627\u0644 \u0627\u0649 \u062d\u0632\u0645\u0647 \u0627\u0644\u0649 \u0627\u0644\u0627\u0646\u062a\u0631\u0646\u062a \u0627\u0648 \u0627\u0633\u062a\u0642\u0628\u0627\u0644\u0647\u0627 .<\/p>\n

\u0628\u0627\u0645\u0643\u0627\u0646\u0643 \u0627\u062e\u062a\u0628\u0627\u0631 \u0628\u064a\u0626\u062a\u0643 \u0639\u0646 \u0637\u0631\u064a\u0642 \u062a\u0634\u063a\u064a\u0644 \u0627\u0644\u0627\u0645\u0631 \u0628\u0639\u062f \u0627\u0646 \u062a\u0633\u0645\u062d \u0644\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 ICMP \u0639\u0644\u0649 \u062c\u0627\u0646\u0628 \u0627\u0644 WAN :<\/p>\n

\"Firewall-300x165<\/p>\n

<\/p>\n

hping3 -1 -C 3 -K 3 -i u20 <target ip><\/p>\n

hping3 -1 -C 3 -K 3 –flood <target ip><\/p>\n

\u0648\u0642\u0645 \u0627\u062b\u0646\u0627\u0621 \u0627\u0644\u062a\u062c\u0631\u0628\u0629 \u0628\u0645\u062d\u0627\u0648\u0644\u0629 \u0627\u0644\u0648\u0635\u0648\u0644 \u0644\u0644\u0627\u0646\u062a\u0631\u0646\u062a \u0627\u0630\u0627 \u0627\u0633\u062a\u0637\u0639\u062a \u0627\u0644\u0648\u0635\u0648\u0644 \u0641\u0627\u0646\u062a \u0628\u0627\u0645\u0627\u0646 \u0627\u0645\u0627 \u0627\u0630\u0627 \u0644\u0645 \u062a\u0633\u062a\u0637\u0639 \u0641\u0627\u0646\u062a \u0641\u064a \u062e\u0637\u0631 \u062d\u0642\u064a\u0642\u064a .<\/p>\n

\u0627\u062f\u0646\u0627\u0647 \u0642\u0627\u0626\u0645\u0629 \u0628\u0628\u0639\u0636 \u0627\u0644\u0627\u062c\u0647\u0632\u0629 \u0627\u0644\u0645\u062a\u0627\u062b\u0631\u0629 \u0644\u064a\u0633 \u062d\u0635\u0631\u0627\u064b :<\/p>\n

Cisco ASA 5505, 5506, 5515, 5525 , 5540 (default settings)<\/p>\n

Cisco 6500 routers with SUP2T and Netflow v9 on the inbound interface – 100% CPU load<\/p>\n

Cisco ASA 5550 (Legacy) and 5515-X (latest generation) – (see detailed test results<\/a>)<\/p>\n

ASA Still surprises – see this result from Gupta Deva!!!!<\/a><\/p>\n

and a tool for testing cpu consumption on Cisco from Gupta Deva<\/a><\/p>\n

Cisco Router 897 – Can be mitigated – The current code from https:\/\/www.cymru.com\/Documents\/secure-ios-template.html will make evil worse.<\/p>\n

SonicWall – Misconfiguration can be changed and mitigated (Enable Anti-DDOS)<\/p>\n

Some unverified Palo Alto – SEE ANSWER FROM PALO ALTO<\/a><\/p>\n

Palo Alto 5050 Firewalls with firmware 7.1.4-h2<\/p>\n

Zyxel NWA3560-N (Wireless attack from LAN Side)<\/p>\n

Zyxel Zywall USG50<\/p>\n

Fortinet v5.4.1 – One CPU consumed<\/p>\n

Fortigate units 60c and 100D (even with drop ICMP on) – RESPONSE FROM FORTINET<\/a><\/p>\n

\u0627\u0644\u0627\u062c\u0647\u0632\u0629 \u0627\u062f\u0646\u0627\u0647 \u0641\u064a \u0623\u0645\u0627\u0646 \u0648\u0644\u0645 \u062a\u062a\u0627\u062b\u0631 :<\/p>\n

Iptables (Netfilter! – thx Martin ;-)) (even with 480 Mbit\/sek)<\/p>\n

mikrotik CCR1036-12G-4S firmware: 3.27 (250 Mbit\/sek) and no problem && RouterOS 5.4 on Mikrotik RB750<\/p>\n

OpenBSD 6.0 and current<\/p>\n

Windows Firewalls<\/p>\n

pfSense<\/p>\n

GigaVUE HC-Serie (Gigamon)<\/p>\n

AVM Fritz!Box 7360 (common ADSl router in Germany)<\/p>\n

Ubiquiti Networks – EdgeRouter Lite CPU 60-70% load but still going<\/p>\n

Cisco ISR4321 Router IOS XE – Version 15.5(3)S2, RELEASE SOFTWARE (fc2)<\/p>\n

Check Point Security Gateways – Checkpoint response!<\/a><\/p>\n

Juniper SRX<\/p>\n

 <\/p>\n

\u0644\u0645\u0632\u064a\u062f \u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0631\u0627\u062c\u0639<\/p>\n

http:\/\/blacknurse.dk\/<\/a><\/p>\n

\u062a\u062d\u064a\u0627\u062a\u0649<\/p>\n","protected":false},"excerpt":{"rendered":"

\u064a\u0628\u062f\u0648 \u0627\u0646 \u0627\u0645\u0646 \u0627\u0644\u0645\u0639\u0644\u0648\u0645\u0627\u062a \u0633\u064a\u0643\u0648\u0646 \u0647\u0627\u062c\u0633\u0627\u064b \u0628\u062f\u0627 \u0645\u0646 \u0627\u0644\u0627\u0646 \u0648\u0645\u0646 \u0627\u0645\u0633 \u0648\u0644\u064a\u0633 \u0643\u0645\u0627 \u062a\u0648\u0642\u0639 \u0627\u0644\u0643\u062b\u064a\u0631\u0648\u0646 \u0641\u064a \u0627\u0644\u0645\u0633\u062a\u0642\u0628\u0644 \u0627\u0644\u0642\u0631\u064a\u0628. \u0641\u0627\u0633\u0644\u0648\u0628 \u0647\u062c\u0648\u0645 blacknurse \u064a\u0633\u0628\u0628 \u0627\u0644\u0641\u0635\u0644 \u0639\u0646 \u0627\u0644\u062e\u062f\u0645\u0629 denial of service DOS\u00a0 \u0644\u0627\u062c\u0647\u0632\u0629 \u0627\u0644 Firewall \u0639\u0646 \u0637\u0631\u064a\u0642 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 ICMP type3 \u0648\u0647\u0630\u0627 \u0627\u0633\u0644\u0648\u0628 \u063a\u064a\u0631 \u0645\u0639\u062a\u0627\u062f \u0644\u0627\u0646\u0647 \u0639\u0627\u062f\u0629 \u0645\u0627\u064a\u062a\u0645 \u0627\u0633\u062a\u063a\u0644\u0627\u0644 \u0627\u0644\u0628\u0631\u0648\u062a\u0648\u0643\u0648\u0644 ICMP Type 8 \u0641\u064a \u0647\u0630\u0627 \u0627\u0644\u0646\u0648\u0639 \u0645\u0646 \u0627\u0644\u0647\u062c\u0648\u0645 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[120],"tags":[231,232,230,189,183],"class_list":["post-1099","post","type-post","status-publish","format-standard","hentry","category-__","tag-blacknurse","tag-firewall","tag-230","tag-189","tag-183"],"views":1935,"_links":{"self":[{"href":"https:\/\/qdatabyte.com\/index.php?rest_route=\/wp\/v2\/posts\/1099","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/qdatabyte.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/qdatabyte.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/qdatabyte.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/qdatabyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1099"}],"version-history":[{"count":1,"href":"https:\/\/qdatabyte.com\/index.php?rest_route=\/wp\/v2\/posts\/1099\/revisions"}],"predecessor-version":[{"id":1101,"href":"https:\/\/qdatabyte.com\/index.php?rest_route=\/wp\/v2\/posts\/1099\/revisions\/1101"}],"wp:attachment":[{"href":"https:\/\/qdatabyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1099"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/qdatabyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1099"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/qdatabyte.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1099"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}