Solved

Netscaler 10010

Posted on 2013-12-14
Last Modified: 2016-10-25
Is there any ready-to-use config for sampling an IP address to protect perfectly from
SYN
Botnet
.... and other possible attacks?


To understand general conditions of using NetScaler, not for specific solutions.
Question by:3XLcom
4 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39719798
Any NetScaler appliance with system software version 8.1 or later automatically provides protection against SYN DoS attacks. It defends against SYN flood attacks by using SYN cookies instead of maintaining half-open connections on the system memory stack.
You can also check Surge Protection and SureConnect.

http://msandbu.wordpress.com/2013/05/28/managing-ddos-with-citrix-netscaler/

Significantly, you should check on DoS, primarily HTTP-based. The link below shows the policy and configuration steps (see the sidebars for the various sections):

http://support.citrix.com/proddocs/topic/netscaler-dos-protection-93/ns-httpdosp-ebl-tsk.html

Other than that, NetScaler also protects network resources from ICMP-based attacks by using ICMP rate limiting and aggressive ICMP packet inspection. It performs IP reassembly, drops a variety of suspicious and malformed packets, and applies Access Control Lists (ACLs) to site traffic for further protection.
0
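The SYN cookie mechanism mentioned in the comment above, as an added Python example that is not part of the original thread and is not NetScaler's own implementation. The secret key, the MSS table and the 5/3/24-bit layout are assumptions chosen for illustration, and the sample flow uses constructed documentation addresses.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"     # assumption: a real stack uses a random per-boot secret
MSS_TABLE = (536, 1300, 1440, 1460)  # assumption: small table; its index is stored in the cookie
SLOT_SHIFT = 6                       # time counter advances every 64 seconds

def _mac24(src, sport, dst, dport, client_isn, counter, mss_idx):
    """24-bit keyed hash binding the cookie to this 4-tuple, client ISN and time slot."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack(
        "!HHIIB", sport, dport, client_isn, counter & 0xFFFFFFFF, mss_idx)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def make_cookie(src, sport, dst, dport, client_isn, mss, now):
    """Return the server ISN for the SYN-ACK. No per-connection state is stored."""
    counter = int(now) >> SLOT_SHIFT
    mss_idx = max((i for i, m in enumerate(MSS_TABLE) if m <= mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, counter, mss_idx)
    # Layout: 5 bits time slot | 3 bits MSS index | 24 bits MAC
    return ((counter & 0x1F) << 27) | (mss_idx << 24) | mac

def check_cookie(src, sport, dst, dport, client_isn, ack, now):
    """Validate the handshake-completing ACK. Return the MSS to use, or None to drop."""
    cookie = (ack - 1) & 0xFFFFFFFF          # client acknowledges server ISN + 1
    slot, mss_idx, mac = cookie >> 27, (cookie >> 24) & 0x7, cookie & 0xFFFFFF
    if mss_idx >= len(MSS_TABLE):
        return None
    current = int(now) >> SLOT_SHIFT
    for counter in (current, current - 1):   # accept the current and previous slot only
        if counter & 0x1F != slot:
            continue
        if mac == _mac24(src, sport, dst, dport, client_isn, counter, mss_idx):
            return MSS_TABLE[mss_idx]        # only now is connection state allocated
    return None

if __name__ == "__main__":
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443, 0x12345678)  # constructed sample flow
    isn = make_cookie(*flow, mss=1460, now=1000)
    print(check_cookie(*flow, ack=isn + 1, now=1030))  # ACK that echoes the cookie
    print(check_cookie(*flow, ack=isn + 2, now=1030))  # ACK with a wrong number
```

Because the server recomputes the cookie from the ACK itself, a flood of SYNs that never complete the handshake consumes no connection-table memory.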
 

Author Comment

by:3XLcom
ID: 39720008
I know that, but as far as I know,
for example, if I push all my network to the NetScaler,
NetScaler will only protect the IP addresses and ports added to the load balancing services.
Is that correct, or does it act like an IDS and protect the whole network?
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 39720542
I don't recall a specific IP needing to be added unless you are blocking specific ones based on an access control list approach; even when doing rate limiting, you just specify that it is based on client source IP, not that you need to state an IP address.

It is definitely not going to act as an IDS, nor should it replace your IDS. It is still just an application delivery controller with Layer 7 visibility. However, with the application firewall added in, it will have signatures from Sourcefire (Snort).

See the article summarising its available defences:
http://support.citrix.com/article/CTX131681
0
 

Author Closing Comment

by:3XLcom
ID: 39721209
thanks
0
Question has a verified solution.
