What is UDP port (User Datagram Protocol)?

The User Datagram Protocol (UDP) transmits datagrams over a network on top of the Internet Protocol (IP). UDP eliminates the need for a pre-transmission three-way handshake between the sending and receiving hosts, and no end-to-end connection is required.

UDP is well-suited to real-time or high-performance applications that don’t need data verification or correction because it doesn’t impose the overhead of connections, error checks, and retransmission of missing data. Verification can be done in the application layer if necessary.

Even though RPC can also run atop TCP, UDP is the protocol of choice for RPC applications. Because UDP does not guarantee delivery, RPC applications must be aware that they are using UDP and provide their own reliability.

What is in a UDP packet header

Datagrams sent over UDP are preceded by a UDP header, which is comprised of four fields and a total of eight bytes.

UDP header fields include:

Source Port: - The source port is the port on the device that is sending the data. If the destination computer does not need to respond to the sender, this field can be set to zero.

Destination Port: - The port on the device that will receive the data. UDP port numbers can range between 0 and 65,535.

Length: - The number of bytes that make up the UDP header and the UDP payload data. The underlying IP protocol used to transmit the data determines the UDP length field limit.

Checksum: - The checksum enables the receiving device to validate the packet header and payload. It is optional in IPv4 but is required in IPv6.

DDoS threats and vulnerabilities in UDP

Because UDP lacks a verification mechanism and end-to-end connections, it is vulnerable to a variety of DDoS attacks. Attackers can spoof packets with arbitrary IP addresses and send them directly to the application.

This contrasts with TCP, which requires a sender to receive packets from the receiver before communication can begin.

DDoS attacks designed to target UDP include:

UDP Flooding

A UDP flood occurs when large amounts of spoofed UDP packets are sent to multiple ports on a single server, with no way of determining the true source of the packets. The server exhausts its resources responding to all of these requests with ICMP ‘Destination Unreachable’ messages.

In addition to the traditional UDP flood, DDoS perpetrators frequently stage generic network layer attacks by flooding networks with bogus UDP packets. Only by scaling up a network’s resources on demand, as when using a cloud DDoS mitigation solution, can these attacks be mitigated.

DNS Amplification

A DNS amplification attack involves a perpetrator sending UDP packets to the victim’s DNS resolvers with a spoofed IP address that corresponds to the victim’s IP address. After that, the DNS resolvers send their response to the victim. The attack is designed in such a way that the DNS response is significantly larger than the original request, resulting in the amplification of the original attack.

If done on a large scale with many clients and multiple DNS resolvers, the attack can overwhelm the target system. Through amplification, a 27Gbps DDoS attack can grow to as much as 300Gbps.

Scan UDP Ports

Attackers send UDP packets to server ports to see which ones are open. If a server responds with an ICMP 'Destination Unreachable' message, the port is not open. If no such response is received, the attacker deduces that the port is open and uses this information to plan an attack on the system.

Advantages and Disadvantages of UDP

Advantages of UDP

No retransmission delays: - UDP is ideal for time-critical applications that cannot afford retransmission delays due to dropped packets. Voice over IP (VoIP), online games, and media streaming are some examples.

Speed: - Because UDP is fast, it is useful for query-response protocols like DNS, where data packets are small and transactional.

Suitable for broadcasts: - UDP’s lack of end-to-end communication makes it suitable for broadcasts, in which transmitted data packets are addressed as receivable by all internet devices. UDP broadcasts can be received by many clients without requiring server-side processing.

Disadvantages of UDP

  • There is no guarantee of packet ordering.

  • There is no verification of the computer’s readiness to receive the message.

  • There is no safeguard against duplicate packets.

  • There is no guarantee that the destination will receive all the transmitted bytes. UDP, on the other hand, includes a checksum to verify the integrity of individual packets.
