Misplaced Pages

UDP flood attack

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license. Give it a read and then ask your questions in the chat. We can research this topic together.
Type of denial-of-service
This article relies largely or entirely on a single source. Relevant discussion may be found on the talk page. Please help improve this article by introducing citations to additional sources.
Find sources: "UDP flood attack" – news · newspapers · books · scholar · JSTOR (April 2024)
This article includes a list of general references, but it lacks sufficient corresponding inline citations. Please help to improve this article by introducing more precise citations. (April 2009) (Learn how and when to remove this message)

A UDP flood attack is a volumetric denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a sessionless/connectionless computer networking protocol.

Using UDP for denial-of-service attacks is not as straightforward as with the Transmission Control Protocol (TCP). However, a UDP flood attack can be initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the distant host will:

  • Check for the application listening at that port;
  • See that no application listens at that port;
  • Reply with an ICMP Destination Unreachable packet.

Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients. The attacker(s) may also spoof the IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach them, and anonymizing their network location(s). Most operating systems mitigate this part of the attack by limiting the rate at which ICMP responses are sent.

UDP Flood Attack Tools:

This attack can be managed by deploying firewalls at key points in a network to filter out unwanted network traffic. The potential victim never receives and never responds to the malicious UDP packets because the firewall stops them. However, as firewalls are 'stateful' i.e. can only hold a number of sessions, firewalls can also be susceptible to flood attacks.

There are ways to protect a system against UDP flood attacks. Here are examples of some of the possible measures:

  • ICMP rate-limiting: This limitation is generally placed on ICMP responses at operating system level.
  • Firewall-level filtering on the server: This enables suspicious packets to be rejected. However, it is possible for the firewall to collapse under the strain of a UDP flood attack.
  • Filtering UDP packets (except for DNS) at network level: DNS requests are typically made using UDP. Any other source generating huge amounts of UDP traffic is considered suspicious, which leads to the packets in question being rejected.

References

  1. "UDP flood". IONOS Digitalguide. 23 June 2022. Retrieved 2022-07-19.

External links

Category: