Solved

Netscaler 10010

Posted on 2013-12-14
4
1,073 Views
Last Modified: 2016-10-25
Is there any ready to use config for sampleing an ip address to protect perfectly from
SYN
Botnet
.... And other possible attacks.


To understand general conditions of using netscaler. not for specific solutions
0
Comment
Question by:3XLcom
  • 2
  • 2
4 Comments
 
LVL 63

Expert Comment

by:btan
ID: 39719798
Any NetScaler appliance with system software version 8.1 or later automatically provides protection against SYN DoS attacks. It defends against SYN flood attacks by using SYN cookies instead of maintaining half-open connections on the system memory stack
Can also check surge protection and sure connect..

http://msandbu.wordpress.com/2013/05/28/managing-ddos-with-citrix-netscaler/

Significantly you should check on DoS primarily HTTP based..below shows the policy and configuration steps (see side bars for the various sections)

http://support.citrix.com/proddocs/topic/netscaler-dos-protection-93/ns-httpdosp-ebl-tsk.html

Other, NetScaler also protects network resources from ICMP based attacks by using ICMP rate limiting and aggressive ICMP packet inspection. It performs IP reassembly, drops a variety of suspicious and malformed packets, and applies Access Control Lists (ACLs) to site traffic for further protection.
0
 

Author Comment

by:3XLcom
ID: 39720008
I know that but as far as i know
for ex. if i push all my network to the netscaler
netscaler will only protect the added ip addresses and ports to the load balancing services ,
is that correct or does it act like ids and protect all network ?
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39720542
I dont recall specific ip needed to be added unless you are blocking specific based on access control list approach, even doing rate limiting just specify that it is based on client source ip but not that you needed to state ipaddress.

It is definitely not going to act as ids or should replace your ids. It is still just an application delivery controller with the layer7 visibility. However with application firewall added in, it will have signature from Sourcefire (snort)

See the article summarising it available defences  
http://support.citrix.com/article/CTX131681
0
 

Author Closing Comment

by:3XLcom
ID: 39721209
thanks
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Quality of Service (QoS) options are nearly endless when it comes to networks today. This article is merely one example of how it can be handled in a hub-n-spoke design using a 3-tier configuration.
For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question