Latest Threat Research: Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks

Get Informed

Search

Citrix Adds NetScaler ADC Setting to Block Recent DDoS Attacks

After confirming an issue with their DTLS, a TLS protocol for UDP, Citrix has added settings to enable administrators to protect against the recent Distributed Denial of Service (DDoS) against the NetScaler ADC appliance. The DDoS attack used DTLS to amplify network traffic sent to vulnerable devices and overwhelm network throughput. If the affected network does not already have enough bandwidth to endure a smaller Denial of Service attack, the ADC appliance would quickly overwhelm even larger networks belonging to Steam and Xbox’s services.

Analyst Notes

If any organization utilizes NetScaler ADC and DTLS, Citrix’s guidance is an essential step to protecting their assets. As of this writing, a new release has been pushed to allow for a new feature that will enable NetScaler ADC to verify the incoming DTLS connections. Temporary mitigations have also been released, which disables DTLS, but as noted by Citrix, that will lead to performance degradation in the appliance.

References and Resources:
https://www.zdnet.com/index.php/category/2381/index.php/article/citrix-devices-are-being-abused-as-ddos-attack-vectors/
https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/