Solved

Netscaler 10010

Posted on 2013-12-14
Last Modified: 2016-10-25
Is there any ready-to-use config for sampling an IP address to protect perfectly from
SYN
Botnet
... and other possible attacks?


To understand the general conditions of using NetScaler, not for specific solutions.
Question by:3XLcom
4 Comments
 
LVL 62

Expert Comment

by:btan
ID: 39719798
Any NetScaler appliance with system software version 8.1 or later automatically provides protection against SYN DoS attacks. It defends against SYN flood attacks by using SYN cookies instead of maintaining half-open connections on the system memory stack.
You can also check Surge Protection and SureConnect.

http://msandbu.wordpress.com/2013/05/28/managing-ddos-with-citrix-netscaler/

Significantly, you should check on DoS, primarily HTTP based. The link below shows the policy and configuration steps (see the side bars for the various sections).

http://support.citrix.com/proddocs/topic/netscaler-dos-protection-93/ns-httpdosp-ebl-tsk.html

Other than that, NetScaler also protects network resources from ICMP-based attacks by using ICMP rate limiting and aggressive ICMP packet inspection. It performs IP reassembly, drops a variety of suspicious and malformed packets, and applies Access Control Lists (ACLs) to site traffic for further protection.
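
The SYN-cookie idea mentioned in the comment above, as an added example that is not part of the original thread and is not NetScaler's implementation: the server encodes the handshake state into its initial sequence number and stores nothing until a valid final ACK arrives. The bit layout, MSS table, key and addresses are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET = os.urandom(32)  # assumed per-server key; never leaves the server
# Constructed MSS table: 3 bits of the cookie select one of 8 values.
MSS_TABLE = [216, 536, 1024, 1220, 1300, 1440, 1460, 8960]


def _mac24(src, sport, dst, dport, client_isn, count):
    """24-bit keyed hash binding the cookie to one connection and time slot."""
    msg = f"{src}:{sport}>{dst}:{dport}".encode() + struct.pack("!IQ", client_isn, count)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")


def make_cookie(src, sport, dst, dport, client_isn, client_mss, now):
    """Server ISN for the SYN-ACK. Nothing is stored for the half-open connection."""
    count = int(now) >> 6  # 64-second counter; only its low 5 bits go on the wire
    idx = max((i for i, m in enumerate(MSS_TABLE) if m <= client_mss), default=0)
    mac = _mac24(src, sport, dst, dport, client_isn, count)
    return ((count & 0x1F) << 27) | (idx << 24) | mac


def check_cookie(cookie, src, sport, dst, dport, client_isn, now):
    """Validate the value echoed in the final ACK (ack number - 1).

    Returns the negotiated MSS, or None if the cookie is stale or forged.
    """
    slot, idx = (cookie >> 27) & 0x1F, (cookie >> 24) & 0x7
    current = int(now) >> 6
    age = (current - slot) & 0x1F
    if age > 1:  # accept only the current and previous 64-second slot
        return None
    expected = _mac24(src, sport, dst, dport, client_isn, current - age)
    if not hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
        return None
    return MSS_TABLE[idx]


if __name__ == "__main__":
    # Constructed handshake using documentation address ranges.
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443, 12345)
    cookie = make_cookie(*flow, client_mss=1460, now=1_000_000)
    print("valid ACK  ->", check_cookie(cookie, *flow, now=1_000_030))
    print("forged ACK ->", check_cookie(cookie ^ 1, *flow, now=1_000_030))
    print("stale ACK  ->", check_cookie(cookie, *flow, now=1_000_200))
```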
 

Author Comment

by:3XLcom
ID: 39720008
I know that, but as far as I know,
for example, if I push all my network to the NetScaler,
the NetScaler will only protect the IP addresses and ports added to the load balancing services.
Is that correct, or does it act like an IDS and protect the whole network?
 
LVL 62

Accepted Solution

by:btan
ID: 39720542
I don't recall a specific IP needing to be added unless you are blocking specific ones based on an access control list approach. Even when doing rate limiting, you just specify that it is based on client source IP, not that you need to state an IP address.

It is definitely not going to act as an IDS, nor should it replace your IDS. It is still just an application delivery controller with Layer 7 visibility. However, with the application firewall added in, it will have signatures from Sourcefire (Snort).

See the article summarising its available defences:
http://support.citrix.com/article/CTX131681
 

Author Closing Comment

by:3XLcom
ID: 39721209
thanks