CategoryUncategorised

Troubleshooting login problems with Citrix Gateway

T

last updated: April 26 2022 I am currently creating a slide deck for a CUGC event on May 11. It will be about securing Citrix (NetScaler) Gateway. During my work, I wanted to find out, what the cookie NSC_VPNERR is good for. After a successful login, its value is set to 3 (Citrix ADC 13.0, it’s not documented). With most of the current browsers, you have to press F12 to see the...

Mitigation for Log4J (CVE-2021-44228)

M

Last update: December 22nd 2021 Many of us, today, struggle with the Log4J security issue (CVE-2021-44228). It will take a long time to fix all apps, as the Apache log4J framework is built deep into several apps. For many of my customer’s apps, it’s still not clear, if whether they are affected, or not. At the same time, there are already exploits out there, allowing attackers to get shell access...

Export Citrix ADC (NetScaler) Syslog and TCP connection tables into Microsoft Excel

E

I recently had been asked, if it would be possible to export syslog files and the TCP connection table into Microsoft Excel. Exporting Syslog to Microsoft Excel Exporting the syslog file is quite simple: It’s just a tiny bash script: rm /var/log/output.csv while read -r month day time servity ip date timezone hostname ppe spacer msg; do printf "%s;" "$month $day $time" "$servity" "$ip"...

Citrix ADC / NetScaler, Rule based persistence

C

Citrix ADC / NetScaler has three types of persistence that sound similar: Rule-Based Persistence (RULE) Custom Server ID (CUSTOMSERVERID) URL Passive (URLPASSIVE) Rule-based persistnce set lb vserver <servername> -persistenceType RULE -rule "<request-rule>" -resRule "<response-rule>" -cltTimeout <persistence timeout> With rule-based persistence, we use the existing...

Securing a NetScaler

S

I started getting a bit confused about security of SSL during the last some month. First of all there was Mr. Edward Snowden. He told us about continuous massive attacks against SSL going on. NSA seems to be able to continuously trace our sessions. Next issue was Heartbleed (CVE-2014-0160). SSL renegotiation seemed to be a big issue. The last one is just a POODLE (CVE 2014-3566) (but never...

Recent Posts

Recent Comments