After confirming an issue with their DTLS, a TLS protocol for UDP, Citrix has added settings to enable administrators to protect against the recent Distributed Denial of Service (DDoS) against the NetScaler ADC appliance. The DDoS attack used DTLS to amplify network traffic sent to vulnerable devices and overwhelm network throughput. If the affected network does not already have enough bandwidth to endure a smaller Denial of Service attack, the ADC appliance would quickly overwhelm even larger networks belonging to Steam and Xbox’s services.
Analyst Notes
If any organization utilizes NetScaler ADC and DTLS, Citrix’s guidance is an essential step to protecting their assets. As of this writing, a new release has been pushed to allow for a new feature that will enable NetScaler ADC to verify the incoming DTLS connections. Temporary mitigations have also been released, which disables DTLS, but as noted by Citrix, that will lead to performance degradation in the appliance.
References and Resources:
https://www.zdnet.com/index.php/category/2381/index.php/article/citrix-devices-are-being-abused-as-ddos-attack-vectors/
https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/
