Citrix devices are being abused as DDoS attack vectors

Citrix says it's working on a fix, expected next year.



Threat actors have discovered a way to bounce and amplify junk web traffic against Citrix ADC networking equipment to launch DDoS attacks.

While details about the attackers are still unknown, victims of these Citrix-based DDoS attacks have mostly included online gaming services, such as Steam and Xbox, sources have told ZDNet earlier today.

The first of these attacks have been detected last week and documented by German IT systems administrator Marco Hofmann.


Hofmann tracked the issue to the DTLS interface on Citrix ADC devices.


DTLS, or Datagram Transport Layer Security, is a more version of the TLS protocol implemented on the stream-friendly UDP transfer protocol, rather than the more reliable TCP.


Just like all UDP-based protocols, DTLS is spoofable and can be used as a DDoS amplification vector.

What this means is that attackers can send small DTLS packets to the DTLS-capable device and have the result returned in a many times larger packet to a spoofed IP address (the DDoS a