
How can a DDoS solution prevent a server from L7 DDoS attack if the traffic is SSL encrypted?


No, I'm not referring to a volumetric DDoS attack; my question is what the best protection method is against L7 DDoS attacks, especially non-volumetric ones. Rate limiting is a good way to prevent most L7 DDoS attacks, but I think first decrypting the encrypted traffic on the L7 DDoS device and then sending it to Citrix ADC to inspect the traffic one more time might be a better solution. I only want to learn the best way to do it.


Why not let NetScaler (formerly known as Citrix ADC) decrypt it as well?

Also, I think you need to get your terminology straight: a DDoS - Distributed Denial of Service - IS some kind of volumetric attack. DoS - Denial of Service - is just taking a service out, without too much fuss (e.g. taking up all connections from a single client and not closing them, leaving the device unable to take in more connections - this is just a thought, not something that happens on NetScaler).

Could you please describe what kind of scenarios you are looking to protect from (and be as specific as possible)? Then we are better able to guide you in the right direction.

Stay True, Stay Real.


Morten is correct and on the right track. The best way would be to let NetScaler decrypt the traffic.

Then you can use Botnet Framework, WAF, IP Reputation or several other of the NetScaler protection features to handle it.

I have successfully handled several DDoS attacks using NetScalers in the past. The problem is that if you are new to this with no experience, implementing the correct protection / rules for the DDoS you are experiencing takes experience and will be a challenge.

I have successfully stopped several DDoS attacks and made several companies survive Black Friday, the launch of PlayStation 5 and similar. I find NetScaler to kick ass on stopping L7 DDoS attacks if you can decrypt the traffic. The problem is the config, my friend.

Learning protocols and spotting patterns in the attack takes experience.

No, I do not have time to help with config.
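
The reason the replies above insist on decrypting before applying rate limiting, shown as an added example that is not part of the original thread and is not NetScaler configuration. The request records, limit, window and function names are constructed assumptions, and the model is simplified so that a device which does not decrypt sees only client IP and timing.

```python
from collections import defaultdict, deque

def build_sample():
    """Constructed requests: (timestamp_s, client_ip, method, path) after TLS termination."""
    reqs = []
    for i in range(60):
        t = i * 0.5
        # Constructed client A: 2 req/s, always the same expensive endpoint.
        reqs.append((t, "198.51.100.7", "GET", "/search"))
        # Constructed client B: 2 req/s, ordinary browsing across many pages.
        reqs.append((t, "203.0.113.20", "GET", f"/product/{i}"))
    return sorted(reqs)

def over_limit(requests, key_fn, limit, window):
    """Return the keys that exceed `limit` requests within any `window` seconds."""
    seen = defaultdict(deque)
    flagged = set()
    for req in requests:
        ts, key = req[0], key_fn(req)
        q = seen[key]
        q.append(ts)
        # Drop timestamps that have slid out of the window.
        while q and q[0] <= ts - window:
            q.popleft()
        if len(q) > limit:
            flagged.add(key)
    return flagged

def by_ip(req):
    # Key available without decryption (simplified model): client IP only.
    return req[1]

def by_ip_and_path(req):
    # Key available only after decryption: client IP plus HTTP request path.
    return (req[1], req[3])

SAMPLE = build_sample()
LIMIT, WINDOW = 10, 10.0  # assumed policy: 10 requests per 10 seconds per key

# Per-IP limiting cannot tell the two clients apart: both are flagged.
ENCRYPTED_VIEW = over_limit(SAMPLE, by_ip, LIMIT, WINDOW)
# Per-IP-and-path limiting flags only the client hitting /search repeatedly.
DECRYPTED_VIEW = over_limit(SAMPLE, by_ip_and_path, LIMIT, WINDOW)

if __name__ == "__main__":
    print("flagged without decryption:", sorted(ENCRYPTED_VIEW))
    print("flagged with decryption:   ", sorted(DECRYPTED_VIEW))
```

Raising the per-IP limit high enough to spare the browsing client would also let the `/search` client through, which is why the rule needs a key taken from the decrypted request.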
