Monday, July 7, 2008

UDP Attack (Packet Attack-type3)


UDP, short for User Datagram Protocol, is a protocol used to transfer data. It offers very little error correction and is used as an alternative means of data transfer. It doesn't require a three-way handshake such as the SYN/ACK method, so its initial attack may not take down a remote daemon as quickly. UDP is generally used to broadcast messages over a network.

A UDP attack would consist of spoofing the source IP addresses and specifying a port number, as in the SYN attack above. UDP packets are generally large because they are usually used on closed 100 Mb subnets (LANs). So an attack would set flags in the packets and fragment them (break them up and flag where in the packet they broke, so they can be reassembled on the receiving end).

For example, in Windows 2000 there was a remote UDP DoS exploit that used the IKE service running on port 500. All an attacker had to do was connect to port 500 on a random machine with that port open and start sending massive UDP packets (above 500 bytes) to that service; the CPU usage would hit 99% and the machine would lock up. The typical ports that accept UDP packets are 7, 13, 19 and 37 on a Windows box.
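
The traits described above (many spoofed sources, one chosen port, large or fragmented datagrams) can be checked for on the receiving side. The following Python code is an added example, not part of the original post: it parses raw IPv4/UDP headers and reports any destination port that receives large or fragmented datagrams from several distinct sources. The function names, the `min_sources` threshold and the sample packets (built in memory from documentation address ranges) are assumptions.

```python
import struct
from collections import defaultdict

WATCHED_PORTS = {7, 13, 19, 37, 500}  # ports named in the post
LARGE_PAYLOAD = 500                    # bytes, size named in the post

def parse_ipv4_udp(pkt: bytes):
    """Return header fields of an IPv4/UDP packet, or None if it is not one."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len, _ident, flags_frag = struct.unpack("!HHH", pkt[2:8])
    info = {
        "src": ".".join(map(str, pkt[12:16])),
        "dst": ".".join(map(str, pkt[16:20])),
        "more_fragments": bool(flags_frag & 0x2000),  # MF bit
        "frag_offset": (flags_frag & 0x1FFF) * 8,     # in bytes
        "ip_payload": total_len - ihl,
        "dport": None,
    }
    # Only the first fragment (offset 0) carries the UDP header.
    if info["frag_offset"] == 0 and len(pkt) >= ihl + 8:
        info["dport"] = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return info

def flag_targets(packets, min_sources=3):
    """Map (dst, dport) -> distinct sources sending large or fragmented UDP."""
    sources = defaultdict(set)
    for raw in packets:
        p = parse_ipv4_udp(raw)
        if p is None or p["dport"] not in WATCHED_PORTS:
            continue
        if p["more_fragments"] or p["ip_payload"] - 8 > LARGE_PAYLOAD:
            sources[(p["dst"], p["dport"])].add(p["src"])
    return {k: len(v) for k, v in sources.items() if len(v) >= min_sources}

def build(src, dst, dport, payload_len, mf=False):
    """Build a constructed IPv4/UDP packet in memory (checksums left at zero)."""
    udp = struct.pack("!HHHH", 40000, dport, 8 + payload_len, 0) + bytes(payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0x2000 if mf else 0,
                     64, 17, 0, bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    return ip + udp

# Constructed sample traffic using documentation address ranges.
SAMPLE = [build(f"198.51.100.{i}", "192.0.2.10", 500, 1200) for i in range(1, 6)]
SAMPLE += [build("198.51.100.9", "192.0.2.10", 500, 900, mf=True),
           build("203.0.113.5", "192.0.2.20", 37, 40)]
```

Later fragments (offset greater than zero) carry no UDP header, so this example attributes traffic by the first fragment only; a fuller monitor would track the IP identification field to tie the remaining fragments to the same port.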
