
Threat actors have discovered a way to bounce and amplify junk web traffic against Citrix ADC networking equipment to launch DDoS attacks.
While details about the attackers are still unknown, the victims of these Citrix-based DDoS attacks have mostly been online gaming services, such as Steam and Xbox, sources told ZDNet earlier today.
The first of these attacks were detected last week and documented by German IT systems administrator Marco Hofmann.
Hofmann tracked the issue to the DTLS interface on Citrix ADC devices.
DTLS, or Datagram Transport Layer Security, is a variant of the TLS protocol designed to run over the connectionless UDP transport rather than the more reliable, connection-oriented TCP.
Like any UDP-based service that answers requests before verifying the sender, a DTLS endpoint can be abused as a DDoS amplification vector: UDP has no handshake, so the source IP address of a packet cannot be trusted and is trivially spoofed.
What this means is that attackers can send small DTLS ClientHello packets with a forged source address to the DTLS-capable device, which then returns a many times larger reply (its server handshake flight) to that spoofed IP address, the DDoS attack victim.
How many times larger the reply is than the original packet determines the amplification factor of a specific protocol. In past DTLS-based DDoS attacks, the amplification factor was usually 4 or 5 times the original packet.
But on Monday, Hofmann reported that the DTLS implementation on Citrix ADC devices appears to yield an amplification factor of roughly 35, making it one of the most potent DDoS amplification vectors seen so far.
Citrix confirms issue
Earlier today, after several reports, Citrix also confirmed the issue and promised to release a fix after the winter holidays, in mid-January 2021.
The company said it’s seen the DDoS attack vector being abused against “a small number of customers around the world.”
The issue is considered dangerous for IT administrators because of bandwidth costs and uptime rather than because of any compromise of the devices themselves.
As attackers abuse a Citrix ADC device, they may exhaust its upstream bandwidth, creating additional costs and crowding out legitimate traffic to and from the ADC.
Until Citrix readies official mitigations, two temporary fixes have emerged.
The first is to disable the Citrix ADC DTLS interface if not used.
Citrix ADC
If you are impacted by this attack you can disable DTLS to stop it. Disabling the DTLS protocol will lead to limited performance degradation, a short freeze and a fallback.
Run following CLI command on Citrix ADC:
set vpn vserver <vpn_vserver_name> -dtls OFF https://t.co/Tpdnp8k9y3— Thorsten E. (@endi24) December 24, 2020
If the DTLS interface is needed, forcing the device to verify incoming DTLS clients before completing the handshake is recommended, although it may degrade the device's performance as a result. DTLS has a built-in defence for exactly this problem: when HelloVerifyRequest is enabled, the server answers a ClientHello with a small, stateless cookie challenge and only sends its full (and much larger) handshake flight once the client echoes the cookie back. A spoofed source address never sees the cookie, so the reply to the victim stays smaller than the request.
If you are making use of Citrix ADC and have enabled DTLS/EDT (UDP via port 443) you might need to run this command: “set ssl dtlsProfile nsdtls_default_profile -helloVerifyRequest ENABLED”. This will protect you from future UDP amplification attacks. #NetScaler #CitrixADC
— Anton van Pelt (@AntonvanPelt) December 21, 2020
Actually the vast majority of deploys will become unstable with that. To be safe until January, better block UDP.
— Thorsten Rood (@ThorstenRood) December 22, 2020
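The following script is an added example for readers who want to check their own exposure; it is not part of the original article, Citrix's tooling, or anything posted by the people quoted above. It builds a single DTLS 1.2 ClientHello, sends it to a host of your choosing on UDP 443, and reports whether the first thing that comes back is a HelloVerifyRequest cookie challenge (the mitigation is working) or a full ServerHello flight (the endpoint will amplify spoofed traffic), together with the measured amplification factor. The cipher suite list, the record builders and the constructed sample responses used for offline testing are the author's assumptions; the record and handshake layouts follow RFC 6347.

```python
import os
import socket
import struct

DTLS12 = b"\xfe\xfd"                       # DTLS 1.2 version bytes (on the wire: 255 - 1, 255 - 2)
CLIENT_HELLO, SERVER_HELLO, HELLO_VERIFY_REQUEST, CERTIFICATE = 1, 2, 3, 11
# Assumed cipher suite offer: ECDHE-RSA/ECDSA AES-GCM plus two AES-CBC fallbacks (8 suites).
CIPHER_SUITES = bytes.fromhex("c02fc030c02bc02c009c009d002f0035")


def _handshake_record(msg_type, body, seq=0):
    """Wrap one unfragmented handshake message in a DTLS record (epoch 0)."""
    hs = (bytes([msg_type]) + len(body).to_bytes(3, "big")
          + struct.pack("!H", seq)            # message_seq
          + (0).to_bytes(3, "big")            # fragment_offset
          + len(body).to_bytes(3, "big")      # fragment_length == whole message
          + body)
    return (b"\x16" + DTLS12 + b"\x00\x00"    # content type 22 = handshake, epoch 0
            + seq.to_bytes(6, "big")          # record sequence number
            + struct.pack("!H", len(hs)) + hs)


def build_client_hello(cookie=b"", random_bytes=None):
    """ClientHello flight. First attempt carries an empty cookie; the retry echoes the server's."""
    rnd = random_bytes if random_bytes is not None else os.urandom(32)
    body = (DTLS12 + rnd
            + b"\x00"                                   # session_id length 0
            + bytes([len(cookie)]) + cookie             # DTLS-only cookie field
            + struct.pack("!H", len(CIPHER_SUITES)) + CIPHER_SUITES
            + b"\x01\x00")                              # one compression method: null
    return _handshake_record(CLIENT_HELLO, body)


def build_hello_verify_request(cookie):
    """Constructed sample of the server's stateless cookie challenge (for offline testing)."""
    return _handshake_record(HELLO_VERIFY_REQUEST, DTLS12 + bytes([len(cookie)]) + cookie)


def parse_records(datagram):
    """Split a datagram into (content_type, fragment) pairs; a flight may pack several records."""
    out, off = [], 0
    while off + 13 <= len(datagram):
        ctype = datagram[off]
        length = struct.unpack("!H", datagram[off + 11:off + 13])[0]
        frag = datagram[off + 13:off + 13 + length]
        if len(frag) != length:
            break                                       # truncated record, stop parsing
        out.append((ctype, frag))
        off += 13 + length
    return out


def classify_response(datagram):
    """Distinguish a cookie challenge (safe) from an unverified server flight (amplifier)."""
    handshakes = [frag for ctype, frag in parse_records(datagram) if ctype == 0x16 and len(frag) >= 12]
    if handshakes and handshakes[0][0] == HELLO_VERIFY_REQUEST:
        frag = handshakes[0]
        cookie_len = frag[14]                           # 12-byte hs header + 2-byte server_version
        return "hello_verify_request", frag[15:15 + cookie_len]
    if any(frag[0] == SERVER_HELLO for frag in handshakes):
        return "server_flight", None
    return "other", None


def amplification_factor(request, responses):
    """Bytes returned per byte sent, the number that decides how attractive an amplifier is."""
    return sum(len(r) for r in responses) / len(request)


def probe(host, port=443, timeout=2.0):
    """Send one unverified ClientHello and collect everything the server sends back."""
    hello = build_client_hello()
    responses = []
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(hello, (host, port))
        try:
            while True:
                data, _ = s.recvfrom(65535)
                responses.append(data)
        except socket.timeout:
            pass
    kind = classify_response(responses[0])[0] if responses else "no_response"
    return kind, amplification_factor(hello, responses)


if __name__ == "__main__":
    import sys
    kind, factor = probe(sys.argv[1])
    print(f"{sys.argv[1]}: {kind}, amplification x{factor:.1f}")
```

Run it as `python3 dtls_probe.py <adc-address>` from a host that is allowed to reach the ADC's VPN vserver, and only against equipment you operate. With HelloVerifyRequest enabled the answer is a single record smaller than the 81-byte probe, so the factor drops below 1; without it the ServerHello, Certificate and ServerKeyExchange records come back in one burst and the factor climbs into the tens. A reply of "no_response" after the DTLS interface has been switched off, or after UDP 443 has been filtered upstream as suggested in the thread above, confirms that mitigation is in effect too.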