Security flaw in Citrix NetScaler enables DDoS attacks against thousands of users

Citrix's security team has issued a security alert about an issue that could affect thousands of deployments of NetScaler, a widely used application delivery controller (ADC) appliance. It appears that exploiting this flaw allows threat actors to launch distributed denial of service (DDoS) attacks.

Attackers can apparently consume Citrix ADC network capacity and exhaust its outbound bandwidth with little effort: “The effect of this attack appears to be much deeper than it appears, mainly on bandwidth-constrained connections,” the company's report says.

Devices of this kind are designed to improve the performance and security of web applications delivered to end users. The company says it continues to monitor the incident to verify the actual impact of the attacks, and notes that the condition is limited to a small number of Citrix customers worldwide.

Cybersecurity experts began tracking the flaw after several reports over the past week of DDoS attacks against Citrix devices over UDP port 443, the port used for DTLS.

DTLS (Datagram Transport Layer Security) is based on the TLS protocol and aims to provide secure communications that resist eavesdropping, tampering, or forgery. DTLS runs over UDP, which lets threat actors forge IP packets with an arbitrary source address. When a Citrix ADC receives a large number of DTLS requests whose source address has been spoofed, it sends its responses to that address; the resulting response traffic saturates the available bandwidth and creates the DDoS condition.

The company’s security teams continue to work on hardening DTLS and eliminating the risk of exploitation; the flaw could be fully corrected next January. To determine whether your devices are affected by this attack, the company recommends reviewing the volume of outbound traffic to detect any anomalies in your system’s resource consumption.
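One way to carry out the outbound-volume review the company recommends is to baseline the ADC's UDP/443 response traffic per minute and flag intervals that exceed that baseline, naming the destination that received most of the excess. The script below is an added example, not Citrix tooling; the flow-record layout, the ADC address and the sample records are constructed for illustration.

```python
"""Flag anomalous outbound UDP/443 (DTLS) volume from an ADC (added example)."""
from collections import defaultdict
from statistics import median

ADC_IP = "203.0.113.10"  # assumed public address of the NetScaler

# Constructed NetFlow-style records: (minute, src_ip, src_port, dst_ip, dst_port, proto, bytes)
SAMPLE_FLOWS = [
    (0, ADC_IP, 443, "198.51.100.7", 50123, "udp", 120_000),
    (1, ADC_IP, 443, "198.51.100.7", 50124, "udp", 110_000),
    (2, ADC_IP, 443, "198.51.100.8", 40001, "udp", 130_000),
    (3, ADC_IP, 443, "198.51.100.7", 50125, "udp", 115_000),
    (4, ADC_IP, 443, "198.51.100.9", 45000, "udp", 125_000),
    # minute 5: responses to one (spoofed) source address dwarf the baseline
    (5, ADC_IP, 443, "192.0.2.55", 20000, "udp", 9_000_000),
    (5, ADC_IP, 443, "198.51.100.7", 50126, "udp", 118_000),
    (5, ADC_IP, 80, "198.51.100.7", 50127, "tcp", 5_000_000),  # TCP/80 is not DTLS; ignored
]


def outbound_dtls_bytes(flows, adc_ip):
    """Per-minute totals and per-destination totals of UDP/443 bytes sent by the ADC."""
    per_minute = defaultdict(int)
    per_dest = defaultdict(lambda: defaultdict(int))
    for minute, src, sport, dst, dport, proto, nbytes in flows:
        if src == adc_ip and sport == 443 and proto == "udp":
            per_minute[minute] += nbytes
            per_dest[minute][dst] += nbytes
    return per_minute, per_dest


def anomalous_minutes(flows, adc_ip, window=5, factor=5.0):
    """Return [(minute, bytes, top_destination)] for minutes whose outbound DTLS
    volume exceeds `factor` times the median of the preceding `window` minutes."""
    per_minute, per_dest = outbound_dtls_bytes(flows, adc_ip)
    hits = []
    for minute in sorted(per_minute):
        history = [per_minute[m] for m in range(minute - window, minute) if m in per_minute]
        if len(history) < window:
            continue  # not enough history to form a baseline yet
        if per_minute[minute] > factor * median(history):
            top = max(per_dest[minute].items(), key=lambda kv: kv[1])[0]
            hits.append((minute, per_minute[minute], top))
    return hits


if __name__ == "__main__":
    for minute, nbytes, top in anomalous_minutes(SAMPLE_FLOWS, ADC_IP):
        print(f"minute {minute}: {nbytes} outbound UDP/443 bytes, top destination {top}")
```

With real data, feed the script exported flow records and tune `window` and `factor` to the normal DTLS load of the deployment.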