• Status: Solved
  • Priority: Medium
  • Security: Public

Citrix NetScaler 10010 UDP flood

Is there any possibility to block a UDP flood on NetScaler?
FireBall
Asked:
1 Solution
 
Barry Molenwijk, Technical Support Specialist II, Commented:
You could create an ACL (Access Control List) denying all UDP traffic.
In case you need to allow UDP from specific sources, you can create a new rule and place it in front of the deny, since an ACL reads from top to bottom.

There's nothing more you can do against a UDP flood, it's a nasty bugger.
 
FireBall, IT, Author, Commented:
The attack is coming directly to the port that we need, so an ACL does not resolve it.
 
Barry Molenwijk, Technical Support Specialist II, Commented:
What I meant was: If you set the ACL to block all UDP traffic from external sources and allow the traffic from the sources you do need, problem solved. If both sources are the same, you're royally screwed :(
 
FireBall, IT, Author, Commented:
Unfortunately there is a public stream on the port, so we could not write an ACL for sources.
 
Barry Molenwijk, Technical Support Specialist II, Commented:
Sounds like worst case scenario to me then, as far as I know an ACL is the only solution to your problem. Is there a pattern (like a country or time) in the flood attack?
 
FireBall, IT, Author, Commented:
15-byte packets are the only similar thing.
 
Barry Molenwijk, Technical Support Specialist II, Commented:
Then you have to decide what the impact is of blocking all packets of that size. There is no other way I know.
 
FireBall, IT, Author, Commented:
How should we block depending on packet size on NetScaler?
 
FireBall, IT, Author, Commented:
Thank you