Blacknurse signature for FortiGate firewalls
"One laptop can take down major internet servers", says the title of a recent article on Engadget. The article refers to TDC SOC, where the attack is described. The good news is that you can mitigate this issue quite easily by adding a custom IPS signature to your FortiGate box.
Creating the signature
Log in to the CLI and create the signature by entering the commands below:
config ips custom
    edit ICMP.Blacknurse
        set signature "F-SBID( --name \"ICMP.Blacknurse\"; --protocol icmp; --icmp_type 3; --icmp_code 3; --rate 250,1;)"
        set severity medium
        set location server
        set application Other
        set action block
        set status enable
end
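The signature matches ICMP type 3, code 3 (destination unreachable, port unreachable) and, through --rate 250,1, only fires once 250 such packets are seen within 1 second. The Python sketch below is an added example, not part of the original post and not Fortinet code; it applies the same threshold to raw IPv4 packets so you can check a capture against it. The helper names, sample addresses and traffic are constructed for illustration, and the IPS engine's own counting may differ in detail.

```python
import struct
from collections import deque

RATE_MATCHES, RATE_SECONDS = 250, 1.0  # mirrors "--rate 250,1" in the signature

def icmp_type_code(ip_packet):
    """Return (type, code) of an IPv4 ICMP packet, or None for anything else."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or ip_packet[9] != 1 or len(ip_packet) < ihl + 2:  # protocol 1 = ICMP
        return None
    return ip_packet[ihl], ip_packet[ihl + 1]

def blacknurse_alerts(packets, matches=RATE_MATCHES, seconds=RATE_SECONDS):
    """packets: (timestamp_seconds, raw_ipv4_bytes) pairs sorted by time.
    Returns the timestamps at which type 3 / code 3 packets in the trailing
    window reach the threshold (hypothetical helper, not a FortiOS API)."""
    window, alerts = deque(), []
    for ts, raw in packets:
        if icmp_type_code(raw) != (3, 3):  # --icmp_type 3; --icmp_code 3
            continue
        window.append(ts)
        while window and ts - window[0] >= seconds:  # drop matches older than the window
            window.popleft()
        if len(window) >= matches:
            alerts.append(ts)
            window.clear()  # report each burst once, then count afresh
    return alerts

def build_icmp(icmp_type, icmp_code):
    """Constructed sample packet: 20-byte IPv4 header (checksums zero) + ICMP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))
    return ip + struct.pack("!BBHI", icmp_type, icmp_code, 0, 0)

def sample_traffic():
    """Constructed capture: slow background, an echo burst, then a type 3/3 flood."""
    background = [(i * 0.1, build_icmp(3, 3)) for i in range(100)]       # 10 per second
    echoes = [(15 + i * 0.0005, build_icmp(8, 0)) for i in range(1000)]  # wrong type
    flood = [(20 + i * 0.001, build_icmp(3, 3)) for i in range(300)]     # 1000 per second
    return sorted(background + echoes + flood, key=lambda p: p[0])

if __name__ == "__main__":
    for ts in blacknurse_alerts(sample_traffic()):
        print(f"rate threshold reached at t={ts:.3f}s")
```

Only the type 3 / code 3 flood crosses the threshold; the slow background of the same packet type and the fast echo burst do not, which is why the rate condition keeps ordinary port-unreachable replies from being blocked.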
Adding the signature to the IPS sensor
Log in to the GUI, and navigate to Security Profiles / Intrusion Protection. Select the sensor you want to edit (I modified the default sensor), right-click on the default filter, and select Insert Filter Before.
On the next screen, click on Specify Signatures, and select the new signature at the top.
After clicking on OK, you can see the new signature is being applied: