
Citrix confirms a DDoS attack pattern impacting Citrix ADCs using Datagram Transport Layer Security (DTLS) as an amplification vector.


Customer reports of an ongoing DDoS amplification attack over UDP/443 against Citrix (NetScaler) Gateway devices started on December 21st.

"As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion," the company explained in a threat advisory.

According to Citrix, the attack is limited to just a small number of customers, and it impacts all ADCs with Enlightened Data Transport UDP Protocol (EDT) enabled.

The effect of this attack seems to be more prominent on connections with limited bandwidth.
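
One way to check flow data for the pattern described above, added here as an example (not code from Citrix or from the original article): it sums bytes per remote peer on UDP/443 and flags peers that receive far more than they send. The flow-record layout, the function name and both thresholds are illustrative assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic), as seen from the gateway:
# (protocol, gateway port, remote peer, bytes received from peer, bytes sent to peer)
SAMPLE_FLOWS = [
    ("udp", 443, "198.51.100.7", 220, 9400),
    ("udp", 443, "198.51.100.7", 230, 9100),
    ("udp", 443, "203.0.113.20", 5200, 6100),   # balanced, looks like a normal EDT session
    ("tcp", 443, "203.0.113.21", 900, 48000),   # TCP is not part of this pattern
    ("udp", 443, "192.0.2.55", 210, 8800),
]


def dtls_reflection_suspects(flows, min_ratio=10.0, min_bytes_out=5000):
    """Return {peer: out/in byte ratio} for UDP/443 peers with lopsided traffic.

    A peer that sends little and is sent a lot is consistent with the gateway
    being used as a DTLS amplifier; with spoofed sources, the flagged peer is
    likely the target of the reflected traffic rather than the sender.
    Both thresholds are assumptions to tune against your own baseline.
    """
    totals = defaultdict(lambda: [0, 0])  # peer -> [bytes_in, bytes_out]
    for proto, port, peer, bytes_in, bytes_out in flows:
        if proto.lower() != "udp" or port != 443:
            continue
        totals[peer][0] += bytes_in
        totals[peer][1] += bytes_out

    suspects = {}
    for peer, (bytes_in, bytes_out) in totals.items():
        if bytes_out < min_bytes_out:
            continue  # too little outbound volume to matter
        ratio = bytes_out / max(bytes_in, 1)  # avoid division by zero
        if ratio >= min_ratio:
            suspects[peer] = round(ratio, 1)
    return suspects


if __name__ == "__main__":
    for peer, ratio in dtls_reflection_suspects(SAMPLE_FLOWS).items():
        print(f"{peer}: outbound/inbound byte ratio {ratio} on UDP/443")
```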

If the Citrix Security Response Team discovers that a product is vulnerable to DDoS attacks because of a defect in Citrix software, details about the affected products will be published as a security bulletin.

"Citrix is working on a feature enhancement in DTLS to eliminate the susceptibility to this attack," the company added.

"Citrix expects to have this enhancement available on the Citrix downloads page for all supported versions on Jan 12, 2021."

To disable DTLS on your Citrix ADC, issue the following command line interface (CLI) command, replacing <vpn_vserver_name> with the name of your VPN virtual server:

set vpn vserver <vpn_vserver_name> -dtls OFF

"Disabling the DTLS protocol may lead to limited performance degradation to real time applications using DTLS in your environment," Citrix added.

"The extent of degradation depends on multiple variables. If your environment does not use DTLS, disabling the protocol temporarily will have no performance impact."

Customers impacted by this DDoS attack can temporarily mitigate it by disabling DTLS, the amplification vector used by the attackers, which eliminates the susceptibility to the attack.

Customers who need technical assistance with this issue are advised to reach out to Citrix Technical Support.
