ALERT: DTLS Amplification Distributed Denial of Service Attack on Citrix ADC and Citrix Gateway

Posted January 6, 2021 by John Rohland

Citrix published Security Bulletin CTX289674 on December 23, 2020 covering a DDoS attack recently discovered in Citrix ADC (formerly known as Netscaler ADC), Citrix Gateway (formerly known as Netscaler Gateway).

The threat has been identified, with an increased risk of DDoS attack which could lead to outbound bandwidth exhaustion for any customer using  the DTLS for external ICA connections.

Citrix is stating that the threat is limited to a small number of customers around the world and there are no know vulnerabilities associated with this threat.

Citrix recommends administrators be cognizant of attack indicators, monitor their systems and keep appliances up to date.

Citrix has released patches that fully resolve the threat, along with making it possible to patch against them before the threat occurs.

This article lists the affected products, and provides the releases that remediate the vulnerabilities, as well as other precautions you should take.

EDCi is available to assist you with a security check and remediation patching to your environment. If you are in need of assistance, please contact the EDCi Technical Support Services Center at (800) 332-3553 or


Security Bulletin CTX289674