Citrix is warning customers about a DDoS attack targeting specific services associated with the Datagram Transport Layer Security protocol. In a recent threat advisory, the company stated the following:
Citrix is aware of a DDoS attack pattern impacting Citrix ADCs. As part of this attack, an attacker or bots can overwhelm the Citrix ADC DTLS network throughput, potentially leading to outbound bandwidth exhaustion. The effect of this attack appears to be more prominent on connections with limited bandwidth. At this time, the scope of attack is limited to a small number of customers around the world, and further, there are no known Citrix vulnerabilities associated with this event. If the Citrix Security Response Team discovers that a product is vulnerable to DDoS attacks because of a defect in Citrix software, information about affected products will be published as a security bulletin.
According to Citrix, they are working on a fix that they hope to deploy mid-January to lower DDoS threats against DTLS. Until then, the threat advisory states that the best way to mitigate the attack is to input the following CLI command on the Citrix ADC:
set vpn vserver <vpn_vserver_name> -dtls OFF
This command will temporarily disable DTLS, which may or may not affect performance depending on how much you use it. The biggest warning that Citrix gives in its threat report is that flight connections will freeze as DTLS traffic goes back to TLS (when DTLS is disabled).
This issue that results from the mitigation strategy is not to be taken lightly. As John Hammond, senior security researcher at Huntress, stated in an interview with SC Magazine:
Network owners and security practitioners need to weigh the risk and make an appropriate decision in the context of their own environment. Unfortunately, this is another advisory in a long list of exposures where we try and play catch-up on software security. For security practitioners today, this boils down to the age-old, tried-and-tested basics: evaluate the risk, monitor the situation, stay vigilant and update when manufacturers release a patch.
Featured image: Shutterstock