What is UDP?
A UDP Flood attack is a Denial of Service (DoS) attack using User Datagram Protocol (UDP), a sessionless/connectionless computer network protocol.
Using UDP for a denial of service attack is not as straightforward as it is with Transmission Control Protocol (TCP). However, a UDP flood attack can be initiated by sending a large number of UDP packets to a random port on a remote server.
As a result, remote servers will:
– Check for an application listening at that port;
– See that there is no application listening at the port;
– Respond with an ICMP Destination Unreachable packet.
Thus, for a large number of UDP packets, the victim system will be forced to send many ICMP packets, eventually making it inaccessible to other clients. Attackers can also spoof the source IP address of the UDP packets, ensuring that the excessive ICMP return packets do not reach them and anonymizing their network location. Most operating systems mitigate part of the attack by limiting the rate at which ICMP responses are sent.
Software such as Low Orbit Ion Cannon and UDP Unicorn can be used to perform UDP DDoS attacks. This attack can be managed by deploying firewalls at key points in a network to filter out unwanted network traffic.
Potential victims never receive and never respond to the malicious UDP packets because the firewalls stop them. However, because firewalls that intercept packets can only hold a limited number of active sessions, the firewalls themselves may also be vulnerable to DDoS attacks.
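The effect of the ICMP rate limiting mentioned above, as an added simulation that is not part of the original article: a token bucket decides whether a host answers a datagram that arrives at a closed port. The rate, burst size, port numbers and traffic are constructed for illustration and are not any operating system's defaults.

```python
class IcmpRateLimiter:
    """Token bucket: up to `burst` replies at once, refilled at `rate` per second."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        # Refill for the time elapsed since the previous closed-port datagram.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False          # bucket empty: stay silent
        self.tokens -= 1.0
        return True


def simulate(datagrams, open_ports, limiter=None):
    """Return (delivered_to_app, icmp_sent, icmp_suppressed) for (time, dport) pairs."""
    delivered = sent = suppressed = 0
    for ts, dport in datagrams:
        if dport in open_ports:
            delivered += 1        # an application is listening: no ICMP involved
        elif limiter is None or limiter.allow(ts):
            sent += 1             # ICMP Destination Unreachable goes out
        else:
            suppressed += 1       # reply dropped by the rate limit
    return delivered, sent, suppressed


def constructed_traffic():
    """Constructed sample: 10,000 datagrams in one second to closed ports,
    plus five datagrams to the one open port (53)."""
    flood = [(i / 10_000, 1024 + (i * 7919) % 60_000) for i in range(10_000)]
    legit = [(t, 53) for t in (0.1, 0.3, 0.5, 0.7, 0.9)]
    return sorted(flood + legit)


if __name__ == "__main__":
    traffic = constructed_traffic()
    print("no limit  :", simulate(traffic, {53}))
    print("10/s limit:", simulate(traffic, {53}, IcmpRateLimiter(rate=10, burst=10)))
```

The limiter removes almost all of the outbound ICMP load, but every flood datagram still arrives and has to be processed, which is why the article describes this as mitigating only part of the attack.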
The problem of UDP attacks is increasing day by day
Flood attacks using UDP accounted for 49% of all DDoS attacks in the last quarter. This information is taken from the Q3 2016 DDoS Attack Trends Report recently published by Verisign.
Accordingly, Verisign said: User Datagram Protocol (UDP) flood attacks continued to dominate in Q3 2016, accounting for 49% of all attacks in the quarter. The most common UDP flooding attacks that have been mitigated are Domain Name System (DNS) response attacks, followed by Network Time Protocol (NTP).
The most intense flood attack in Q3 2016 was a TCP SYN flood that peaked at around 60 Gigabits per second (Gbps) and 150 million packets per second (Mpps). This flood attack is one of the highest packets-per-second attacks ever observed by Verisign, surpassing the previous 125 Mpps attack that was mitigated by Verisign in the fourth quarter of 2015.
The biggest attack in Q3 2016 took advantage of Generic Routing Encapsulation (GRE) protocol (IP protocol 47) and peaked at 250+ Gbps and 50+ Mpps. This is the first time Verisign has observed this type of attack on its customer database.
This information was compiled by Verisign’s DDoS Prevention Services and Information Security Services Division, based on online data about distributed denial of service (DDoS) attacks.
In addition, Verisign’s Q3 2016 DDoS Trends Report also shows some other important information. In detail:
– The average peak attack level in 2016 continued to increase compared to previous years. The average peak attack level in Q3 2016 reached 12.78 Gbps, an increase of 82% over the same period last year.
– 41% of DDoS attacks utilize 3 or more different attack types.
– IT/Cloud/SaaS services, which account for 37% of all mitigations, remained the most frequently targeted sector over the past 8 quarters, followed by the financial sector, accounting for 29%.