Citrix adds NetScaler ADC setting to block recent DDoS attacks
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of Citrix ADC and Gateway devices as an amplification vector in DDoS attacks.
According to reports that began surfacing on December 21st, 2020, a DDoS attack used DTLS to amplify traffic from susceptible Citrix ADC devices dozens of times.
DDoS attacks using DTLS can reach an amplification factor of 35 according to German DDoS protection vendor Link11, while DNS amplification is in the 28 to 54 range and WS Discovery amplification vectors fall between 10 and 500.
"As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion," Citrix said in an advisory published on December 24th. "The effect of this attack appears to be more prominent on connections with limited bandwidth."
The company's newly released DTLS feature enhancement adds a "HelloVerifyRequest" setting that addresses the susceptibility to this attack vector and blocks attackers' attempts to abuse the devices in future DDoS attacks.
Impacted customers who cannot immediately install these new builds can also remove the amplification vector by temporarily disabling DTLS. To disable DTLS on affected Citrix devices, issue the following command: set vpn vserver <vpn_vserver_name> -dtls OFF. "Disabling the DTLS protocol may lead to limited performance degradation to real time applications using DTLS in your environment," Citrix said.
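The following Python model is an added example, not Citrix code or part of the original article: it walks through the stateless cookie exchange that DTLS defines for HelloVerifyRequest (RFC 6347, section 4.2.1) to show why enabling it removes the amplification. Message sizes, addresses and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

SECRET = os.urandom(32)      # server cookie key (assumption: rotated periodically)
CLIENT_HELLO_LEN = 200       # constructed size, bytes
SERVER_FLIGHT_LEN = 3000     # constructed size of the ServerHello/Certificate flight
HVR_HEADER_LEN = 28          # constructed size of HelloVerifyRequest minus cookie


def make_cookie(src_ip: str, src_port: int, client_random: bytes) -> bytes:
    """Stateless cookie bound to the apparent sender of the ClientHello."""
    msg = f"{src_ip}|{src_port}|".encode() + client_random
    return hmac.new(SECRET, msg, hashlib.sha256).digest()


def respond(src_ip, src_port, client_random, cookie=b"", verify=True):
    """Return (message_name, bytes_sent_to_src) for one received ClientHello."""
    if verify:
        expected = make_cookie(src_ip, src_port, client_random)
        if not hmac.compare_digest(cookie, expected):
            # Small reply, no state kept: nothing worth reflecting at a victim.
            return "HelloVerifyRequest", HVR_HEADER_LEN + len(expected)
    return "ServerFlight", SERVER_FLIGHT_LEN


def amplification(bytes_out: int, bytes_in: int = CLIENT_HELLO_LEN) -> float:
    return bytes_out / bytes_in


def demo():
    rnd = os.urandom(32)
    victim = ("198.51.100.7", 40000)   # spoofed source (documentation range)
    client = ("203.0.113.9", 51000)    # genuine client
    out = {}
    # Verification off: one spoofed ClientHello pulls the full flight onto the victim.
    out["off_spoofed"] = respond(*victim, rnd, verify=False)
    # Verification on: the sender never sees the cookie that went to the victim.
    out["on_spoofed"] = respond(*victim, rnd)
    # Genuine client receives its cookie and echoes it in a second ClientHello.
    cookie = make_cookie(*client, rnd)
    out["on_genuine"] = respond(*client, rnd, cookie)
    # A cookie issued to one address is rejected when presented from another.
    out["on_replayed"] = respond(*victim, rnd, cookie)
    return out


if __name__ == "__main__":
    for case, (msg, size) in demo().items():
        print(f"{case:12} {msg:18} {size:5d} B  x{amplification(size):.2f}")
```

With verification on, the reply to an unverified ClientHello is smaller than the request, so the device no longer multiplies traffic toward a spoofed address.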