Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Netscaler 10010

Posted on 2013-12-14
4
Medium Priority
?
1,100 Views
Last Modified: 2016-10-25
Is there any ready to use config for sampleing an ip address to protect perfectly from
SYN
Botnet
.... And other possible attacks.


To understand general conditions of using netscaler. not for specific solutions
0
Comment
Question by:3XLcom
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 65

Expert Comment

by:btan
ID: 39719798
Any NetScaler appliance with system software version 8.1 or later automatically provides protection against SYN DoS attacks. It defends against SYN flood attacks by using SYN cookies instead of maintaining half-open connections on the system memory stack
Can also check surge protection and sure connect..

http://msandbu.wordpress.com/2013/05/28/managing-ddos-with-citrix-netscaler/

Significantly you should check on DoS primarily HTTP based..below shows the policy and configuration steps (see side bars for the various sections)

http://support.citrix.com/proddocs/topic/netscaler-dos-protection-93/ns-httpdosp-ebl-tsk.html

Other, NetScaler also protects network resources from ICMP based attacks by using ICMP rate limiting and aggressive ICMP packet inspection. It performs IP reassembly, drops a variety of suspicious and malformed packets, and applies Access Control Lists (ACLs) to site traffic for further protection.
0
 

Author Comment

by:3XLcom
ID: 39720008
I know that but as far as i know
for ex. if i push all my network to the netscaler
netscaler will only protect the added ip addresses and ports to the load balancing services ,
is that correct or does it act like ids and protect all network ?
0
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 39720542
I dont recall specific ip needed to be added unless you are blocking specific based on access control list approach, even doing rate limiting just specify that it is based on client source ip but not that you needed to state ipaddress.

It is definitely not going to act as ids or should replace your ids. It is still just an application delivery controller with the layer7 visibility. However with application firewall added in, it will have signature from Sourcefire (snort)

See the article summarising it available defences  
http://support.citrix.com/article/CTX131681
0
 

Author Closing Comment

by:3XLcom
ID: 39721209
thanks
0
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This past year has been one of great growth and performance for OnPage. We have added many features and integrations to the product, making 2016 an awesome year. We see these steps forward as the basis for future growth.
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question