UDP Flood

User Datagram Protocol (UDP) is a connectionless protocol.  When data packets are sent via UDP, there is no handshaking required between sender and receiver, and the receiving system will just receive packets it must process.  A large number of UDP packets sent to a victim system can saturate the network, depleting the bandwidth available for legitimate service requests to the victim system.

When an attacker conducts a UDP flood attack, the UDP packets are sent to either random or specified ports on the victim system.  Typically, UDP flood attacks are designed to attack random victim ports.  This causes the victim system to process the incoming data to try to determine which applications have requested data.  If the victim system is not running any applications on the targeted port, then the victim system will send out an ICMP packet to the sending system indicating a “destination port unreachable” message.


Often, the attacking DoS tool will also spoof the source IP address of the attacking packets.  This helps hide the identity of the secondary victims, and it ensures that return packets from the victim system are not sent back to the zombies, but to another computer with the spoofed address.

UDP flood attacks may also fill the bandwidth of connections located around the victim system (depending on the network architecture and line-speed).  This can sometimes cause systems connected to a network near a victim system to experience problems with their connectivity.


The first version of the attack uses the echo and chargen ports and creates an endless loop between two hosts.
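The two traffic patterns described above (a burst of datagrams spread over many ports of one host, and echo/chargen traffic bouncing between two hosts) can be detected in UDP flow records. The Python sketch below is an added example, not part of the original article; the record layout, the thresholds and the sample addresses are constructed assumptions.

```python
from collections import defaultdict

ECHO, CHARGEN = 7, 19  # UDP echo and chargen service ports

def build_sample():
    """Constructed UDP records: (time_s, src_ip, src_port, dst_ip, dst_port)."""
    recs = []
    # Flood: 300 datagrams in ~0.6 s to one host, many ports, varied sources.
    for i in range(300):
        recs.append((10.0 + i * 0.002, f"198.51.100.{i % 250 + 1}", 40000 + i,
                     "192.0.2.10", 1024 + (i * 37) % 50000))
    # Benign: steady DNS queries to a resolver, a single destination port.
    for i in range(40):
        recs.append((10.0 + i * 0.05, "192.0.2.77", 50000 + i, "192.0.2.53", 53))
    # Echo/chargen loop bouncing between two hosts.
    a, b = ("203.0.113.5", ECHO), ("203.0.113.6", CHARGEN)
    for i in range(20):
        src, dst = (a, b) if i % 2 == 0 else (b, a)
        recs.append((11.0 + i * 0.01, src[0], src[1], dst[0], dst[1]))
    return sorted(recs)

def flood_targets(records, window=1.0, min_packets=200, min_ports=50):
    """Destinations that receive >= min_packets datagrams on >= min_ports
    distinct ports inside any `window`-second span (sliding window)."""
    by_dst = defaultdict(list)
    for t, _, _, dst, dport in records:
        by_dst[dst].append((t, dport))
    flagged = set()
    for dst, pkts in by_dst.items():
        pkts.sort()
        start = 0
        for end in range(len(pkts)):
            while pkts[end][0] - pkts[start][0] > window:
                start += 1  # drop packets older than the window
            span = pkts[start:end + 1]
            if len(span) >= min_packets and len({p for _, p in span}) >= min_ports:
                flagged.add(dst)
                break
    return flagged

def echo_chargen_pairs(records):
    """Host pairs exchanging UDP where one port is echo and the other chargen."""
    return {frozenset((src, dst)) for _, src, sport, dst, dport in records
            if {sport, dport} == {ECHO, CHARGEN}}

if __name__ == "__main__":
    sample = build_sample()
    print("flood targets:", flood_targets(sample))
    print("echo/chargen loops:", echo_chargen_pairs(sample))
```

The port-spread condition is what separates a random-port flood from a busy but legitimate single-port service such as the DNS resolver in the sample.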


Mitigations

To mitigate this type of attack, we can use a firewall or a router with firewall capabilities. We can also work with our ISP to limit the effects of the DoS on our systems.