UDP flood attack
   HOME

TheInfoList



Click Here for Items Related To - UDP flood attack
OR:
UDP flood attack on:   [Wikipedia]   [Google]   [Amazon]

A UDP flood attack is a volumetric
denial-of-service In computing, a denial-of-service attack (DoS attack) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connect ...
(DoS) attack using the
User Datagram Protocol In computer networking, the User Datagram Protocol (UDP) is one of the core communication protocols of the Internet protocol suite used to send messages (transported as datagrams in packets) to other hosts on an Internet Protocol (IP) network. ...
(UDP), a sessionless/connectionless computer networking
protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technolog ...
. Using UDP for denial-of-service attacks is not as straightforward as with the
Transmission Control Protocol The Transmission Control Protocol (TCP) is one of the main protocols of the Internet protocol suite. It originated in the initial network implementation in which it complemented the Internet Protocol (IP). Therefore, the entire suite is commonly ...
(TCP). However, a UDP flood attack can be initiated by sending a large number of UDP
packet Packet may refer to: * A small container or pouch ** Packet (container), a small single use container ** Cigarette packet ** Sugar packet * Network packet, a formatted unit of data carried by a packet-mode computer network * Packet radio, a form ...
s to random
ports A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as H ...
on a remote host. As a result, the distant host will: * Check for the application listening at that port; * See that no application listens at that port; * Reply with an ICMP Destination Unreachable packet. Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients. The attacker(s) may also
spoof Spoof, spoofs, spoofer, or spoofing may refer to: * Forgery of goods or documents * Semen, in Australian slang * Spoof (game), a guessing game * Spoofing (finance), a disruptive algorithmic-trading tactic designed to manipulate markets __NOTOC__ ...
the
IP address An Internet Protocol address (IP address) is a numerical label such as that is connected to a computer network that uses the Internet Protocol for communication.. Updated by . An IP address serves two main functions: network interface ident ...
of the UDP packets, ensuring that the excessive ICMP return packets do not reach them, and anonymizing their network location(s). Most operating systems mitigate this part of the attack by limiting the rate at which ICMP responses are sent. UDP Flood Attack Tools: *
Low Orbit Ion Cannon Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application written in C#. LOIC was initially developed by Praetox Technologies, however it was later released into the public domain and is cur ...
* UDP Unicorn This attack can be managed by deploying firewalls at key points in a network to filter out unwanted network traffic. The potential victim never receives and never responds to the malicious UDP packets because the firewall stops them. However, as firewalls are 'stateful' i.e. can only hold a number of sessions, firewalls can also be susceptible to flood attacks. There are ways to protect a system against UDP flood attacks. Here are examples of some of the possible measures: * ICMP rate-limiting: This limitation is generally placed on ICMP responses at operating system level. * Firewall-level filtering on the server: This enables suspicious packets to be rejected. However, it is possible for the firewall to collapse under the strain of a UDP flood attack. * Filtering UDP packets (except for DNS) at network level: DNS requests are typically made using UDP. Any other source generating huge amounts of UDP traffic is considered suspicious, which leads to the packets in question being rejected.


References


External links

*{{cite web , title=CA-1996-01: UDP Port Denial-of-Service Attack , url=https://resources.sei.cmu.edu/asset_files/WhitePaper/1996_019_001_496172.pdf#page=5 , website=Carnegie Mellon University Software Engineering Institute , archive-url=https://web.archive.org/web/20010124064800/http://www.cert.org/advisories/CA-1996-01.html , archive-date=2001-01-24 , access-date=14 September 2019 , url-status=live Denial-of-service attacks