A UDP Flood Attack is one of the attacks that cause host-based Denial of Service. UDP is a connectionless protocol and does not require any connection setup procedure to transfer data. A UDP Flood Attack is possible when an attacker sends a UDP packet to a random port on the victim system. When the victim system receives a UDP packet, it determines what application is waiting on the destination port. When it finds that no application is waiting on that port, it generates an ICMP destination unreachable packet and sends it to the forged source address of the UDP packet. If enough UDP packets are delivered to ports on the victim, the system will go down.
UDP Flood Attack Mitigation
The UDP Flood Attack can be effectively reduced by deploying firewalls at critical locations of a network to filter unwanted traffic and traffic from questionable sources. In addition, the following actions should be taken in your network:
- Disable and filter chargen and echo services.
- Disable and filter other unused UDP services.
- If you must provide external access to some UDP services, consider using a proxy mechanism to protect that service from misuse.
- Monitor your network to learn which systems are using these services and to monitor for signs of misuse.
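The monitoring step above can be approximated from flow records. The following is an added example, not part of the original page: it flags hosts receiving UDP on many distinct ports in one time window, hosts emitting bursts of ICMP port unreachable (type 3, code 3), and traffic to echo or chargen. The record format, thresholds and addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

LEGACY_PORTS = {7: "echo", 19: "chargen"}  # services the page says to disable and filter

def parse(text):
    """Parse 'epoch,proto,src,dst,info' rows (assumed format).
    info is the UDP destination port, or 'type/code' for ICMP."""
    rows = []
    for line in text.strip().splitlines():
        ts, proto, src, dst, info = line.strip().split(",")
        rows.append((int(ts), proto, src, dst, info))
    return rows

def analyze(rows, window=10, port_threshold=20, unreach_threshold=20):
    """Return hosts showing UDP flood symptoms per fixed time window (seconds)."""
    ports = defaultdict(set)    # (receiving host, window) -> distinct UDP dest ports
    unreach = defaultdict(int)  # (sending host, window) -> ICMP port-unreachable count
    legacy = set()              # (host, service) pairs receiving echo/chargen traffic
    for ts, proto, src, dst, info in rows:
        bucket = ts // window
        if proto == "udp":
            port = int(info)
            ports[(dst, bucket)].add(port)
            if port in LEGACY_PORTS:
                legacy.add((dst, LEGACY_PORTS[port]))
        elif proto == "icmp" and info == "3/3":
            # The victim answers datagrams sent to closed ports, so count by sender.
            unreach[(src, bucket)] += 1
    return {
        "port_spray_targets": sorted({h for (h, _), p in ports.items()
                                      if len(p) >= port_threshold}),
        "unreachable_bursts": sorted({h for (h, _), n in unreach.items()
                                      if n >= unreach_threshold}),
        "legacy_services": sorted(legacy),
    }

def constructed_sample():
    """Constructed records: one DNS query, one echo datagram, and 30 datagrams
    to distinct closed ports on 192.0.2.10, each answered with ICMP 3/3."""
    lines = ["100,udp,198.51.100.7,192.0.2.20,53", "101,udp,198.51.100.8,192.0.2.30,7"]
    for i in range(30):
        lines.append(f"10{i % 10},udp,203.0.113.{i},192.0.2.10,{20000 + i}")
        lines.append(f"10{i % 10},icmp,192.0.2.10,203.0.113.{i},3/3")
    return "\n".join(lines)

if __name__ == "__main__":
    print(analyze(parse(constructed_sample())))
```

Thresholds need tuning against a baseline of normal traffic, since busy resolvers and media servers legitimately receive UDP on many ports.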
Related Terms: Firewall, Denial of Service, DDOS, UDP
