Citrix released a report on December 23rd that details Distributed Denial of Service (DDoS) attacks against Citrix Application Delivery Controller (ADC) servers, reported by several companies and described by Bleeping Computer. According to the advisory, all ADC servers that have the “Enlightened Data Transport” (EDT) UDP protocol enabled are susceptible to the attack, which overwhelms the network throughput of the server’s Datagram Transport Layer Security (DTLS) service over UDP port 443. At present, Citrix does not believe that there is any security flaw that would allow unauthorized users to take control of the ADC servers; rather, aspects of the DTLS implementation allow for an amplification of network traffic, in which the attacker only has to send a small number of bytes over the network to cause the server to send a much larger reply. Citrix is working on an update to ADC servers that will remove the susceptibility to this type of attack.
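
As an added example (not from Citrix or the original post), the following sketch shows how a defender could spot the amplification pattern described above in flow records for an ADC's DTLS service on UDP port 443. The CSV layout, the sample rows and both thresholds are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: per-flow byte counts seen at the ADC's interface.
# Columns: peer IP, protocol, server port, bytes received from the peer,
# bytes the server sent back to the peer.
SAMPLE_FLOWS = """\
peer,proto,server_port,bytes_in,bytes_out
198.51.100.7,udp,443,1200,1500
198.51.100.7,udp,443,90000,120000
203.0.113.50,udp,443,220,7800
203.0.113.50,udp,443,180,6900
203.0.113.50,udp,443,200,7300
192.0.2.10,tcp,443,400,52000
192.0.2.99,udp,443,60,900
"""


def amplification_suspects(flow_csv, min_ratio=10.0, min_bytes_out=10_000):
    """Return {peer: ratio} for UDP/443 peers whose replies dwarf their requests.

    When sources are spoofed, the flagged peer is the likely recipient of the
    reflected traffic rather than the sender. min_ratio and min_bytes_out are
    assumed thresholds and need tuning per environment.
    """
    totals = defaultdict(lambda: [0, 0])  # peer -> [bytes_in, bytes_out]
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp" or int(row["server_port"]) != 443:
            continue  # only the DTLS service on UDP 443 is in scope
        totals[row["peer"]][0] += int(row["bytes_in"])
        totals[row["peer"]][1] += int(row["bytes_out"])

    suspects = {}
    for peer, (b_in, b_out) in totals.items():
        if b_out < min_bytes_out:
            continue  # skip low-volume peers so tiny flows are not flagged
        ratio = b_out / max(b_in, 1)  # guard against division by zero
        if ratio >= min_ratio:
            suspects[peer] = round(ratio, 1)
    return suspects


if __name__ == "__main__":
    for peer, ratio in amplification_suspects(SAMPLE_FLOWS).items():
        print(f"{peer}: server sent {ratio}x the bytes it received on UDP/443")
```
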