I have a Citrix Netscaler and want to configure the appliance appropriately so that it can protect my hosts from a DDOS. Is this something I can do here, or must I take action on the host itself?
1 Answer
An answer will depend on what you mean by DDoS protection. From your title, you are concentrating on network overload DDoSing:
The further out from your application that you run the protection the better it will do - and the commercial DDoS mitigation services work with your ISP. (Note: they call it mitigation for a reason - if an attacker really wants to DDoS you it is just a case of scaling up the numbers until they succeed)
Running protection at your own border router is next best, so using the Netscaler device in conjunction with alternate routing will also go some way to reducing the load in the event of an attack.
Host protection can also be used, but if you allow a DDoS to get this far, the host will have so many network connections to it, that it may be unable to drop them fast enough.
Have a look at this question on DDoS protection in firewalls and this one regarding application protection.
For NetScaler TCP DDoS protection have a look at How to Configure the Rate Limiting Feature of a NetScaler Appliance to Mitigate a DDoS Attack. There is no mention of UDP capability.
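The rate-limiting feature the answer points to works on a simple principle: count requests per source (for example the client IP) inside a fixed time slice and drop whatever exceeds a threshold. The following is an added illustration of that per-source threshold/time-slice logic, written for this page; it is not code from the answer, from the question, or from Citrix, and the names `RateLimiter`, `apply_limit` and the sample addresses are assumptions constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass
class RateLimiter:
    """Per-source fixed-window request-rate limiter (hypothetical illustration).

    threshold:    requests permitted per source within one time slice
    timeslice_ms: length of the time slice in milliseconds
    """
    threshold: int
    timeslice_ms: int
    # (source, window index) -> requests seen from that source in that window
    _counts: dict = field(default_factory=lambda: defaultdict(int))

    def check(self, ts_ms: int, source: str) -> bool:
        """Return True if the request is within the limit, False if it should be dropped."""
        window = ts_ms // self.timeslice_ms
        key = (source, window)
        self._counts[key] += 1
        return self._counts[key] <= self.threshold


def apply_limit(events, threshold=5, timeslice_ms=1000):
    """Run the limiter over (timestamp_ms, source_ip) events.

    Returns {source_ip: {"allowed": n, "dropped": m}} so the effect of the
    threshold on each source can be inspected.
    """
    limiter = RateLimiter(threshold, timeslice_ms)
    stats = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts_ms, src in events:
        verdict = "allowed" if limiter.check(ts_ms, src) else "dropped"
        stats[src][verdict] += 1
    return dict(stats)


# Constructed sample traffic (not captured data): one flooding source and two
# ordinary clients, all arriving within roughly the same second.
SAMPLE_EVENTS = (
    [(i * 10, "198.51.100.7") for i in range(100)]   # 100 requests in 1 s from one address
    + [(i * 300, "203.0.113.5") for i in range(4)]   # 4 requests spread over 1.2 s
    + [(i * 500, "192.0.2.9") for i in range(3)]     # 3 requests spread over 1.5 s
)


if __name__ == "__main__":
    for src, counts in apply_limit(SAMPLE_EVENTS).items():
        print(f"{src:15} allowed={counts['allowed']:3} dropped={counts['dropped']:3}")
```

With a threshold of 5 per 1000 ms the flooding address keeps 5 requests and loses 95, while the two normal clients pass untouched. Because the limit is keyed per source, a flood spread across many addresses that each stay under the threshold is not caught by this check at all, which is the same scaling argument the answer makes for pushing mitigation upstream to the ISP.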
Added reference to CTX127917 support article. Agree completely with the rest. You will be able to protect as much as the NetScaler can handle, then the NetScaler will be DDoS'ed. Protect at your IPS if you can. – Bernie White Jan 23 '12 at 21:50