UDP flood attack
Encyclopedia
A UDP flood attack is a denial-of-service (DDoS) attack using the User Datagram Protocol
(UDP), a sessionless/connectionless computer networking protocol.
Using UDP for denial-of-service attacks is not as straightfforward as with the Transmission Control Protocol
(TCP). However, a UDP flood attack can be initiated by sending a large number of UDP packets to random ports
on a remote host. As a result, the distant host will:
Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients. The attacker may also spoof
the IP address
of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, and anonymizing the attacker's network location(s).
This attack can be managed by deploying firewalls
at key points in a network to filter out unwanted network traffic. The potential victim never receives and never responds to the malicious UDP packets because the firewall stops them.
User Datagram Protocol
The User Datagram Protocol is one of the core members of the Internet Protocol Suite, the set of network protocols used for the Internet. With UDP, computer applications can send messages, in this case referred to as datagrams, to other hosts on an Internet Protocol network without requiring...
(UDP), a sessionless/connectionless computer networking protocol.
Using UDP for denial-of-service attacks is not as straightfforward as with the Transmission Control Protocol
Transmission Control Protocol
The Transmission Control Protocol is one of the core protocols of the Internet Protocol Suite. TCP is one of the two original components of the suite, complementing the Internet Protocol , and therefore the entire suite is commonly referred to as TCP/IP...
(TCP). However, a UDP flood attack can be initiated by sending a large number of UDP packets to random ports
TCP and UDP port
In computer networking, a port is an application-specific or process-specific software construct serving as a communications endpoint in a computer's host operating system. A port is associated with an IP address of the host, as well as the type of protocol used for communication...
on a remote host. As a result, the distant host will:
- Check for the application listening at that port;
- See that no application listens at that port;
- Reply with an ICMPInternet Control Message ProtocolThe Internet Control Message Protocol is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be...
Destination UnreachableICMP Destination UnreachableThe Destination Unreachable message is an ICMP message which is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason. A Destination Unreachable message may be generated as a result of a TCP, UDP or another ICMP transmission...
packet.
Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients. The attacker may also spoof
Spoofing attack
In the context of network security, a spoofing attack is a situation in which one person or program successfully masquerades as another by falsifying data and thereby gaining an illegitimate advantage.- Spoofing and TCP/IP :...
the IP address
IP address
An Internet Protocol address is a numerical label assigned to each device participating in a computer network that uses the Internet Protocol for communication. An IP address serves two principal functions: host or network interface identification and location addressing...
of the UDP packets, ensuring that the excessive ICMP return packets do not reach him, and anonymizing the attacker's network location(s).
This attack can be managed by deploying firewalls
Firewall (computing)
A firewall is a device or set of devices designed to permit or deny network transmissions based upon a set of rules and is frequently used to protect networks from unauthorized access while permitting legitimate communications to pass....
at key points in a network to filter out unwanted network traffic. The potential victim never receives and never responds to the malicious UDP packets because the firewall stops them.