Solved

Netscaler 10010

Posted on 2013-12-14
Last Modified: 2016-10-25
Is there any ready-to-use config for sampling an IP address to protect perfectly from
SYN
Botnet
.... And other possible attacks.


To understand general conditions of using NetScaler, not for specific solutions.
Question by:3XLcom
4 Comments
 
LVL 63

Expert Comment

by:btan
ID: 39719798
Any NetScaler appliance with system software version 8.1 or later automatically provides protection against SYN DoS attacks. It defends against SYN flood attacks by using SYN cookies instead of maintaining half-open connections on the system memory stack.
You can also check Surge Protection and SureConnect.

http://msandbu.wordpress.com/2013/05/28/managing-ddos-with-citrix-netscaler/

Significantly, you should check on DoS, primarily HTTP-based. The link below shows the policy and configuration steps (see the sidebars for the various sections).

http://support.citrix.com/proddocs/topic/netscaler-dos-protection-93/ns-httpdosp-ebl-tsk.html

Other than that, NetScaler also protects network resources from ICMP-based attacks by using ICMP rate limiting and aggressive ICMP packet inspection. It performs IP reassembly, drops a variety of suspicious and malformed packets, and applies Access Control Lists (ACLs) to site traffic for further protection.
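
The SYN-cookie idea mentioned in the comment above, as an added example that is not part of the original post and not NetScaler's implementation: a generic stateless scheme in which the server encodes the handshake state in its SYN-ACK sequence number and keeps no half-open entry. The key, MSS table, bit layout and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import ipaddress
import struct

SECRET = b"constructed-demo-key"      # constructed; a real stack uses a random secret
MSS_TABLE = (536, 1300, 1440, 1460)   # assumed table; the cookie carries a 2-bit index
SLOT_SECONDS = 64                     # assumed length of one cookie time slot


def _mac24(src, sport, dst, dport, client_isn, slot):
    """24-bit keyed hash binding the cookie to one connection and time slot."""
    msg = ipaddress.ip_address(src).packed + ipaddress.ip_address(dst).packed
    msg += struct.pack("!HHIQ", sport, dport, client_isn, slot)
    return hmac.new(SECRET, msg, hashlib.sha256).digest()[:3]


def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Build the SYN-ACK sequence number: 6-bit slot | 2-bit MSS index | 24-bit MAC.

    Nothing is stored; the SYN is answered and forgotten.
    """
    slot = int(now) // SLOT_SECONDS
    # Largest table entry that does not exceed the MSS the client offered.
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = int.from_bytes(_mac24(src, sport, dst, dport, client_isn, slot), "big")
    return ((slot & 0x3F) << 26) | (idx << 24) | mac


def check_ack(src, sport, dst, dport, seq_no, ack_no, now, max_age_slots=1):
    """Validate the handshake's final ACK; return the MSS to use, or None to drop."""
    client_isn = (seq_no - 1) & 0xFFFFFFFF   # ACK seq is client ISN + 1
    cookie = (ack_no - 1) & 0xFFFFFFFF       # ACK number is server ISN + 1
    got_mac = (cookie & 0xFFFFFF).to_bytes(3, "big")
    now_slot = int(now) // SLOT_SECONDS
    for age in range(max_age_slots + 1):     # accept current and recent slots only
        slot = now_slot - age
        if (slot & 0x3F) != (cookie >> 26):
            continue
        want = _mac24(src, sport, dst, dport, client_isn, slot)
        if hmac.compare_digest(got_mac, want):
            return MSS_TABLE[(cookie >> 24) & 0x3]
    return None
```

Connection state is allocated only after `check_ack` succeeds, so SYNs that never complete the handshake leave nothing behind in memory.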

Author Comment

by:3XLcom
ID: 39720008
I know that, but as far as I know,
for example, if I push all my network to the NetScaler,
NetScaler will only protect the IP addresses and ports added to the load balancing services.
Is that correct, or does it act like an IDS and protect the whole network?
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39720542
I don't recall a specific IP needing to be added unless you are blocking specific ones based on an access control list approach; even when doing rate limiting, you just specify that it is based on client source IP, not that you need to state the IP address.

It is definitely not going to act as an IDS, nor should it replace your IDS. It is still just an application delivery controller with Layer 7 visibility. However, with the application firewall added in, it will have signatures from Sourcefire (Snort).

See the article summarising its available defences:
http://support.citrix.com/article/CTX131681

Author Closing Comment

by:3XLcom
ID: 39721209
thanks
Question has a verified solution.
