Qusu Future Release: Attackers exploit a vulnerability in Citrix NetScaler equipment to amplify DDoS attacks

Blockchain security consulting company Qusu Future said: Many people know that Citrix NetScaler is a comprehensive solution for optimizing web application delivery. As a special-purpose device, NetScaler can accelerate the delivery of web applications by 5 times or more, while protecting web applications from the most dangerous security threats today.

Moreover, NetScaler can also improve resource efficiency, simplify policy creation and management, and reduce management costs.

But now Citrix has issued an emergency warning informing customers that some NetScaler application delivery controller (ADC) devices are affected by a security problem, and that attackers are using this problem to launch large-scale distributed denial-of-service (DDoS) attacks against multiple targets.

The company pointed out: "Attackers or machines that automatically issue attacks can overwhelm the Citrix ADC DTLS (Datagram Transport Layer Security) network throughput and cause outbound bandwidth exhaustion." "The impact of this attack appears to be more prominent on connections with limited bandwidth."

An ADC is a purpose-built network device that sits in front of web applications in order to improve the performance, security and availability of the applications delivered to end users.

The desktop virtualization and network service provider said that it is monitoring the incident and continuing to investigate its impact on Citrix ADC, adding: "The attack is limited to a small number of customers worldwide."

According to Marco Hofmann, IT administrator at the German software company ANAXCO GmbH, since December 19 last year many DDoS amplification attacks have targeted Citrix (NetScaler) Gateway devices over UDP/443. It was these reports that brought the problem to light.

Citrix ADC DDoS attack

Datagram Transport Layer Security (DTLS) is based on the Transport Layer Security (TLS) protocol and is designed to provide secure communication over datagram transports, with the same goals as TLS: preventing eavesdropping, tampering and message forgery.

Since DTLS runs over the connectionless User Datagram Protocol (UDP), an attacker can easily spoof datagrams with an arbitrary source IP address, because no handshake verifies that the sender actually owns that address.

Therefore, when a Citrix ADC is flooded with DTLS packets whose source IP address has been forged to be the victim's address, it sends its responses to the victim. Those responses exhaust the available bandwidth, which is exactly the condition an amplified DDoS attack needs.

Citrix NetScaler appliance

Citrix is currently working to enhance DTLS to eliminate susceptibility to this type of attack, and is expected to release a patch on January 12, 2021.

To determine whether a Citrix ADC device has become a target of this attack, the laboratory recommends monitoring the device's outbound traffic closely in order to detect any abnormal volumes or sudden peaks.
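
As an added example, not taken from the original article or from Citrix, the following Python sketch shows one way to apply that monitoring advice to constructed NetFlow-style records: it buckets the ADC's outbound UDP/443 bytes per minute, flags minutes that exceed a quiet baseline, and computes a per-peer out/in byte ratio, since a spoofed victim receives far more DTLS response data than ever arrived bearing its source address. The ADC address, the flow records and the thresholds are assumed values.

```python
from collections import defaultdict

ADC_IP = "203.0.113.10"   # assumed address of the Citrix ADC's DTLS listener
DTLS_PORT = 443           # DTLS on UDP/443, as in the reported attacks

# Constructed flow records: (minute, src_ip, src_port, dst_ip, dst_port, bytes).
# Minutes 0-2 are a quiet baseline. Minutes 3-4 model a flood whose source is
# spoofed to 198.51.100.7, so the ADC's (much larger) replies all hit that host.
FLOWS = [
    (0, "192.0.2.5", 50000, ADC_IP, 443, 900), (0, ADC_IP, 443, "192.0.2.5", 50000, 1200),
    (1, "192.0.2.6", 50001, ADC_IP, 443, 800), (1, ADC_IP, 443, "192.0.2.6", 50001, 1100),
    (2, "192.0.2.5", 50002, ADC_IP, 443, 950), (2, ADC_IP, 443, "192.0.2.5", 50002, 1250),
    (3, "198.51.100.7", 40000, ADC_IP, 443, 2000), (3, ADC_IP, 443, "198.51.100.7", 40000, 60000),
    (4, "198.51.100.7", 40001, ADC_IP, 443, 2500), (4, ADC_IP, 443, "198.51.100.7", 40001, 75000),
]

def outbound_dtls_per_minute(flows, adc_ip=ADC_IP, port=DTLS_PORT):
    """Bytes the ADC sent from its UDP/443 listener, bucketed by minute."""
    buckets = defaultdict(int)
    for minute, src, sport, _dst, _dport, nbytes in flows:
        if src == adc_ip and sport == port:
            buckets[minute] += nbytes
    return dict(buckets)

def spike_minutes(per_minute, baseline_minutes, factor=5.0):
    """Minutes whose outbound volume exceeds `factor` x the baseline mean."""
    base = [per_minute.get(m, 0) for m in baseline_minutes]
    mean = sum(base) / len(base)
    return sorted(m for m, v in per_minute.items()
                  if m not in baseline_minutes and v > factor * mean)

def amplification_by_peer(flows, adc_ip=ADC_IP, port=DTLS_PORT):
    """Bytes sent to each peer divided by bytes received 'from' it on UDP/443.
    With spoofing, the inbound bytes are really the attacker's, so a high ratio
    concentrated on one peer is the amplification signature to act on."""
    sent, recv = defaultdict(int), defaultdict(int)
    for _minute, src, sport, dst, dport, nbytes in flows:
        if src == adc_ip and sport == port:
            sent[dst] += nbytes
        elif dst == adc_ip and dport == port:
            recv[src] += nbytes
    return {peer: sent[peer] / recv[peer] for peer in sent if recv[peer]}

def suspected_victims(flows, ratio_threshold=10.0):
    """Peers whose out/in ratio looks like reflected, amplified traffic."""
    return sorted(p for p, r in amplification_by_peer(flows).items() if r >= ratio_threshold)

if __name__ == "__main__":
    pm = outbound_dtls_per_minute(FLOWS)
    print("outbound bytes per minute:", pm)
    print("spike minutes vs baseline 0-2:", spike_minutes(pm, [0, 1, 2]))
    print("suspected spoofed victims:", suspected_victims(FLOWS))
```

In practice the records would come from the ADC's own NetFlow/AppFlow export or an upstream collector, and the baseline window should cover a normal business day rather than three minutes.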

At the same time, customers affected by the attack can disable DTLS on the Citrix ADC until Citrix's permanent fix is available by running the following command, substituting the name of the affected VPN virtual server: "set vpn vserver <vpn-vserver-name> -dtls OFF".

The content of this article was compiled by WarpFuture.com Security Consulting Company. Please credit the source when reprinting. Qusu Future provides blockchain security consulting services covering main chain security, exchange security, exchange wallet security, DAPP development security and smart contract development security.

Origin blog.csdn.net/WarpFuture/article/details/112041126