Another busy month of attacks in January, this time it is about High Orbit Ion Canon (HOIC) that is an app to facilitate DDoS attacks on web servers. See below for latest blog analysis
on this. It has link to both HOIC and LOIC (Low Orbit ION Canon) with details of the different attack approaches such LOIC using Java script embedded in a web page, binary version or UDP or TCP versions while HOIC is all about HTTP Dos.
There are many different options that customers have done to protect against attacks such as LOIC or HOIC. Some customers start the protection from their infrastructure design. Some design with horizontal scalable tier of NetScaler’s at one or more service providers where they could clear and buffer the attack traffic prior to connecting back to the origin servers at the enterprise.
There are some other customers that have more structured layered strategy with each layer doing specific actions, trying to stop as much as possible before it gets to the web servers as well (i.e. beginning upstream at their ISPs and working down). In this scenario, customers may have specific anti-DDoS and traffic deep inspection devices on their perimeter and then utilize NetScaler for specific needs. An example of a specific need is like looking for the presence of certain cookies using the NetScaler policy cookie encryption feature for specific and essential sections of the customer’s website. If the requests do not have the cookies, NetScaler typically drop the request or on some occasions redirect. There are also specific NetScaler features that customers have used with these kinds of attacks such as the following:
Access Control Lists
HTTP DoS Protection
Dropping Invalid HTTP Requests
There is a very thorough Citrix Knowledge Base internal doc
that outlines this L7 attack protection more in detail, written by our very own super Technical Relationship Manager (Mark Hillick) supporting many awesome customers in Europe. Citrix Sales/SEs should have access to this doc but all features described above also can be found at citrix.com download page for all the NetScaler docs.