Citrix announced that it is aware of a DDoS attack pattern that allows an attacker or bot to overwhelm the Citrix ADC DTLS network throughput, which can cause outbound bandwidth exhaustion. The attack’s effect is more prominent on connections with limited bandwidth. The company also stated that the scope of the attack is currently limited to a small number of customers.
DTLS amplification DDoS attack
The company also stated that it is monitoring the events and that there are no known Citrix vulnerabilities associated with this event. However, if the Citrix Security Response Team discovers that a product is vulnerable to DDoS attacks, information about affected products will be published.
Citrix also offers a temporary mitigation to impacted customers. Temporarily disabling DTLS can stop an attack and eliminate the susceptibility to it. Citrix noted that disabling DTLS may cause limited performance degradation for real-time applications that use DTLS, but if the environment doesn’t use DTLS, disabling it will have no performance impact. DTLS can be disabled by issuing the following CLI command on Citrix ADC:
set vpn vserver <vpn_vserver_name> -dtls OFF
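To apply the mitigation across several gateways, the following added example (not Citrix's tooling and not part of the original article) is a Python script that reads saved ADC configuration text and emits the command above for every VPN virtual server that is not explicitly set to `-dtls OFF`. The sample configuration, server names and addresses are constructed; that the saved configuration holds one CLI command per line, and that a server with no explicit `-dtls` setting should be flagged, are assumptions.

```python
import shlex

# Constructed sample of saved ADC configuration text (not from a real appliance).
SAMPLE_CONFIG = '''\
add vpn vserver gw_external SSL 192.0.2.10 443
add vpn vserver "gw partner" SSL 192.0.2.11 443 -dtls ON
add vpn vserver gw_internal SSL 192.0.2.12 443
add lb vserver web_lb HTTP 192.0.2.20 80
set vpn vserver gw_internal -dtls OFF
set vpn vserver gw_external -icaOnly ON
'''

def dtls_states(config_text):
    """Map each VPN vserver name to 'ON', 'OFF' or 'UNSET' (no explicit -dtls)."""
    states = {}
    for line in config_text.splitlines():
        try:
            tokens = shlex.split(line)  # handles quoted names containing spaces
        except ValueError:
            continue  # unbalanced quotes: skip rather than misparse
        if len(tokens) < 4 or tokens[0] not in ("add", "set"):
            continue
        if [t.lower() for t in tokens[1:3]] != ["vpn", "vserver"]:
            continue
        name = tokens[3]
        states.setdefault(name, "UNSET")
        # A later line overrides an earlier one, as when the config is replayed.
        for i, tok in enumerate(tokens[4:-1], start=4):
            if tok.lower() == "-dtls":
                states[name] = tokens[i + 1].upper()
    return states

def mitigation_commands(config_text):
    """Return the article's mitigation command for each vserver not explicitly OFF."""
    cmds = []
    for name, state in dtls_states(config_text).items():
        if state != "OFF":  # assumption: UNSET is flagged as well as ON
            quoted = f'"{name}"' if " " in name else name
            cmds.append(f"set vpn vserver {quoted} -dtls OFF")
    return cmds

if __name__ == "__main__":
    for name, state in dtls_states(SAMPLE_CONFIG).items():
        print(f"{name}: dtls={state}")
    print("\n".join(mitigation_commands(SAMPLE_CONFIG)))
```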