Since 19 December 2020, 7 pm CET, we have been seeing a possible worldwide DDoS amplification attack against Citrix Gateway UDP:443 DTLS EDT services.
11.01.2021: Added information about the new Citrix ADC Gateway (formerly NetScaler) firmware releases, which solve the memory leak issue with -helloVerifyRequest
24.12.2020: Added information about the official Citrix Knowledge Center article CTX289674
Added a final summary that repeats all possible solutions
Made it a lot clearer that -helloVerifyRequest doesn’t seem to work well
22.12.2020: Added a warning note that -helloVerifyRequest doesn’t work on all Citrix ADC (NetScaler) firmware versions
21.12.2020: Added a third possible solution regarding -helloVerifyRequest
21.12.2020: Initial version
During the night from Saturday (19.12.2020) to Sunday (20.12.2020), our Zabbix monitoring informed us that several Citrix Gateway VPX (50) appliances were at their license cap. We investigated the situation and soon found out that we had 0 ICA sessions on most of them, hence no explanation for the traffic.
Dell has released a new major version of their ThinClient OS ThinOS, which focuses only on Citrix Workspace app enhancements.
A few days ago, Dell released ThinOS Version 9.0. To quote the release notes:
ThinOS 9.0 is a Citrix-specific release, which integrates Citrix Workspace app. Other Broker agent connections such as VMware, RDP, and Amazon WorkSpaces are not supported in this release. ThinOS 9.0 does not support the usage of INI parameters. You must use either Wyse Management Suite or the local Admin Policy Tool to manage your systems.