Newly Discovered UDP:443 (EDT) DDoS Attack Against Citrix ADC Using NetScaler Gateway


A new NetScaler vulnerability has been discovered and could be causing performance issues with customers who have NetScaler Gateway deployed and using Enlightened Transport (EDT with UDP 443).

The issue allows attackers to mount a DDoS (Distributed Denial of Service) attack against the NetScaler, causing it to max out on bandwidth, which in turn causes performance issues for users.

Multiple NetScaler customers across the globe started seeing this issue in the past few days.

To see whether you are affected, check the NetScaler Dashboard.

If Packet CPU or Throughput looks abnormally high (i.e., close to maxing out), you may be under attack.

The easy fix is to disable DTLS on the Gateway, which blocks the UDP traffic. As per the referenced article, you can also block UDP 443 on your firewall.
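The dashboard check above can be automated against the appliance's NITRO stat API. This is an added example, not code from the original post or from Citrix; the endpoint path, the `X-NITRO-USER`/`X-NITRO-PASS` headers and the `stat ns` field names (`pktcpuusagepcnt`, `rxmbitsrate`, `txmbitsrate`) are assumptions to verify against your firmware's NITRO documentation, and the sample replies are constructed.

```python
"""Poll a NetScaler's NITRO stat API and flag the symptoms the post describes:
packet CPU or throughput pinned near the platform's maximum."""
import json
import urllib.request

# Assumed NITRO field names for `stat ns` (check against your firmware's NITRO docs).
PKT_CPU_FIELD = "pktcpuusagepcnt"   # packet-engine CPU usage, percent
RX_FIELD = "rxmbitsrate"            # received throughput, Mbit/s
TX_FIELD = "txmbitsrate"            # transmitted throughput, Mbit/s


def fetch_ns_stats(host: str, user: str, password: str) -> dict:
    """GET /nitro/v1/stat/ns and return the 'ns' stats object (assumed layout).
    Needs network access to the appliance; the offline sample below does not use it."""
    req = urllib.request.Request(
        f"https://{host}/nitro/v1/stat/ns",
        headers={"X-NITRO-USER": user, "X-NITRO-PASS": password,
                 "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)["ns"]


def assess(stats: dict, licensed_mbps: float,
           cpu_pct_limit: float = 90.0, bw_frac_limit: float = 0.9) -> dict:
    """Return which 'maxing out' conditions hold. licensed_mbps is the
    platform/license throughput cap, so 'close to max' is relative to it."""
    pkt_cpu = float(stats.get(PKT_CPU_FIELD, 0))
    mbps = float(stats.get(RX_FIELD, 0)) + float(stats.get(TX_FIELD, 0))
    return {
        "packet_cpu_pct": pkt_cpu,
        "throughput_mbps": mbps,
        "cpu_saturated": pkt_cpu >= cpu_pct_limit,
        "bandwidth_saturated": mbps >= licensed_mbps * bw_frac_limit,
    }


# Constructed samples resembling a NITRO 'stat ns' reply (not real appliance output):
# one quiet appliance, one receiving a UDP/443 flood.
SAMPLE_NORMAL = {PKT_CPU_FIELD: "12", RX_FIELD: "140", TX_FIELD: "120"}
SAMPLE_FLOOD = {PKT_CPU_FIELD: "97", RX_FIELD: "1880", TX_FIELD: "60"}

if __name__ == "__main__":
    for name, sample in (("normal", SAMPLE_NORMAL), ("flood", SAMPLE_FLOOD)):
        result = assess(sample, licensed_mbps=2000)
        print(name, result)
        if result["cpu_saturated"] or result["bandwidth_saturated"]:
            print("  -> investigate; mitigation per the post: disable DTLS on the "
                  "Gateway or block UDP 443 at the firewall")
```

Set `licensed_mbps` to your platform's licensed throughput so the bandwidth check reflects "close to maxing out" for your appliance rather than an absolute number.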

Keep in mind that DTLS with UDP is used by the NetScaler for the Enlightened Transport Protocol, which provides better performance for remote users with low bandwidth and/or high latency.

For more details -->

As always, "Geeksultant, Your I.T. Consultant of Choice!"

Office: 770-559-1492