Potentially ongoing worldwide UDP:443 (EDT) DDoS amplify attack against Citrix (NetScaler) Gateway

Since 19 December 2020, 7 pm CET, we have been seeing a possible worldwide DDoS amplification attack against Citrix Gateway UDP:443 DTLS EDT services.

Changelog

  • 11.01.2021: Added information about the new Citrix ADC Gateway (formerly NetScaler) firmware releases, which solve the memory leak issue with -helloVerifyRequest
  • 24.12.2020: Added information about the official Citrix Knowledge Center article CTX289674
    Added a final summary that repeats all possible solutions
    Made it a lot clearer that -helloVerifyRequest doesn’t seem to work well
  • 22.12.2020: Added a warning note that -helloVerifyRequest doesn’t work on all Citrix ADC (NetScaler) firmware versions
  • 21.12.2020: Added a third possible solution regarding -helloVerifyRequest
  • 21.12.2020: Initial version

The situation

During the night from Saturday (19.12.2020) to Sunday (20.12.2020), our Zabbix monitoring informed us that several Citrix Gateway VPX (50) appliances were at their license cap. We investigated the situation and soon found out that we had 0 ICA sessions on most of them, so there was no explanation for the traffic.

Zabbix Citrix Gateway Throughput Monitoring Graph


Dell Wyse ThinOS 9.0 & Wyse Management Suite 2.0

Dell has released a new major version of their ThinClient OS ThinOS, which focuses only on Citrix Workspace app enhancements.

A few days ago, Dell released ThinOS Version 9.0. To quote the release notes:

ThinOS 9.0 is a Citrix-specific release, which integrates Citrix Workspace app. Other Broker agent connections such as VMware, RDP, and Amazon WorkSpaces are not supported in this release. ThinOS 9.0 does not support the usage of INI parameters. You must use either Wyse Management Suite or the local Admin Policy Tool to manage your systems.

The important part is that you can no longer rely on your good old FTP server and the wnos.ini. You have to implement Wyse Management Suite Version 2.0, which is currently the only way to manage ThinOS 9.0. Wyse Management Suite Version 2.0 is free for up to 10.000 devices, with a slightly limited feature set. You can find all details in the Wyse Management Suite feature matrix.