Breaking Down DDoS UDP Flood Attacks

Written by Sarah Chandley on Wednesday, 03 October 2018. Posted in Cyber

A UDP flood is a type of volume-based DDoS (Distributed Denial of Service) attack in which large numbers of UDP (User Datagram Protocol) packets are sent to a target server, limiting its ability to carry out its functions. Unlike TCP (Transmission Control Protocol), UDP doesn’t require a three-way handshake to make a connection; it runs with lower overhead and is ideal for carrying data that doesn’t need to be checked and rechecked, such as VoIP. This means it is easier for attackers to generate large traffic volumes with tools like Low Orbit Ion Cannon (LOIC) and UDP Unicorn.

The primary aim of this type of DDoS attack is to overwhelm the target network with packets sent to random UDP ports from a forged source IP address. These requests force the target host to look for the application listening on each of those random ports (which may or may not exist) and, where none is found, to flood the network with Internet Control Message Protocol (ICMP) destination unreachable packets, thereby blocking legitimate requests.

This attack can be managed by deploying perimeter defences such as Intrusion Detection Systems (IDS) in a network to filter out unwanted network traffic. The target network would then never receive and never respond to the malicious UDP packets because the IDS would stop them. However, as there is a limit to the number of sessions most IDSs can manage, they can also be susceptible to a UDP flood attack.

It is thought over 56% of DDoS attacks are UDP floods, which is why DDoS attack visibility is so important. Security analysts need the right tools to enable them to quickly determine the origins of an attack, trace its footprint in the network, identify the type of attack vector and establish whether it is masking something more sinister, such as data exfiltration.
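As an added example (not from the original post and not Telesoft's code), the sketch below looks for the pattern described above in flow records: one host receiving a high volume of UDP packets spread across many destination ports, with ICMP port unreachable replies as corroboration. The record format, thresholds and sample data are assumptions constructed for illustration; because source addresses are forged, the source count is context rather than attribution.

```python
from collections import defaultdict

# Flow record (assumed format): (ts_seconds, src_ip, dst_ip, proto, dst_port, packets)
# proto is "udp" or "icmp-unreach" (ICMP type 3, code 3: port unreachable).

def detect_udp_flood(flows, window=10, min_pkts=5000, min_ports=100):
    """Flag hosts that receive many UDP packets spread over many ports in one window."""
    stats = defaultdict(lambda: {"pkts": 0, "ports": set(), "srcs": set(), "unreach": 0})
    for ts, src, dst, proto, dport, pkts in flows:
        bucket = int(ts) // window * window
        if proto == "udp":
            s = stats[(bucket, dst)]
            s["pkts"] += pkts
            s["ports"].add(dport)
            s["srcs"].add(src)
        elif proto == "icmp-unreach":
            # Replies are counted against the host that sent them (the likely target).
            stats[(bucket, src)]["unreach"] += pkts
    alerts = []
    for (bucket, host), s in sorted(stats.items()):
        # Volume alone is not enough: a busy DNS server is high volume on one port.
        if s["pkts"] >= min_pkts and len(s["ports"]) >= min_ports:
            alerts.append({"window": bucket, "host": host, "pkts": s["pkts"],
                           "ports": len(s["ports"]), "sources": len(s["srcs"]),
                           # Corroborating only: hosts often rate-limit ICMP errors.
                           "unreach": s["unreach"]})
    return alerts

def sample_flows():
    """Constructed records using documentation address ranges."""
    flows = []
    for i in range(200):  # benign: 8000 packets, all to UDP/53
        flows.append((i % 10, f"198.51.100.{i % 50 + 1}", "192.0.2.53", "udp", 53, 40))
    for i in range(400):  # flood: 8000 packets, a different port per record
        port = 1024 + (i * 7919) % 64000
        flows.append((i % 10, f"203.0.113.{i % 254 + 1}", "192.0.2.10", "udp", port, 20))
    flows.append((5, "192.0.2.10", "203.0.113.7", "icmp-unreach", 0, 300))
    return flows

if __name__ == "__main__":
    for alert in detect_udp_flood(sample_flows()):
        print(alert)
```

Both sample hosts receive the same packet count; only the one whose traffic is spread across hundreds of ports is flagged, which is why port spread is checked alongside volume.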

In a carrier-scale network, DDoS attacks are one of the key challenges facing operators today: as resources for initiating a DDoS attack become more easily available, the scale and frequency of the attacks increase. Telesoft use un-sampled flow monitoring to provide network visibility, traffic analysis, attack detection, and attack mitigation.

About the Author

Sarah Chandley

Sarah is an experienced B2B technology marketing professional, creating content for the Cyber Security, Telco and Government Infrastructure sectors. 
