Home

What is the worst thing about UDP?

#learning #security

27th of March 2021


What is the worst thing about UDP?

This was the image that my friend sent to our group chat that woke me in the morning. First I thought this is talking about Universal Basic Income, but it took me a minute to realize the initials don’t quite fit. Then I thought it’s about that U-something-P cable. The twisted one. Also no. So what the hell is UDP?

I thought I was clever. I reverse searched the image, got the only result, and it was a thread on r/iiiiiiitttttttttttt, so I can credit u/MiddleChicken for the image. But not much help there.

At the time of the writing, there are no real hints in the discussion below. So once I realised this UDP thing has something to do with security or data sending (I think?) and I only knew about half of the words in the most basic description of what UDP is, I thought I might try to crack the question. Well, that’s not entirely correct, my friend told me what the correct answer is - I don’t get it. But I don’t get it. So what is the worst thing about UDP?

Well, first I need to find out what UDP is. It stands for User Datagram Protocol and is a transport layer communication protocol and is a common protocol to use for voice and video. The transport layer is the second layer of the TCP/IP model and is used to pass segments (data) between two points. Another common protocol is TCP (Transmission Control Protocol) and these two are most commonly compared in the articles I found.

The biggest difference between the two are speed and reliance. TCP is slower because it is a connection-oriented protocol, which means that the data flow begins after a successful handshake between the two points. But UDP is connectionless and allows for a much faster beginning of data transmission because it doesn’t require a formally established connection to do so. This means that UDP is faster but less reliable since we cannot guarantee that the data was successfully received. So UDP is suitable for any use that requires fast transmission but can allow some data loss. Examples of that would be streaming, video conferencing, VOIP or online gaming. TCP has a set order of how the data should be sent and arrive, and also confirms the arrival on the other end. In case something went wrong it can also re-send this data. UDP just doesn’t care.

So at this point, I understand the joke (i hope).

What is the worst thing about UDP?

I don’t get it.

Exactly.

There are rumours that Slovenia is going into 14-day lockdown and I don’t want to panic-search for bean and lentil recipes for the tenth time this week. So I’ll try to expand on a mistake I made with my initial assumption of UDP.

I thought this was a security topic. It turned out I was only partially correct. There is this thing called UDP flood. It’s a form of DDoS attack in which a huge amount of UDP packets are sent to the server in order to overwhelm it. When the server receives any UDP package, it looks up if any application should be receiving it, and if not, it sends back a response (ICMP), notifying the sender, that the destination doesn’t exist or is unreachable. Since the server has to do this lookup for each received UDP package and send back the response, it can get overwhelmed. Since most operating systems limit the number of ICMP responses to hinder this kind of attacks, some legitimate traffic could get blocked and it results in denial-of-service.

I was always confused about how attackers hide their identity. This also confused me here. So the server has to respond with ICMP and send it back. So it knows where to go. I knew there are plenty of ways how attackers hide their identity, but now I know of one of them - spoofing.

Spoofing is a wider term of impersonating for malicious purposes. In our case can stand for the creation of IP packets with a modified source address that hides the real identity of the sender. Not only that this is a way of hiding the attacker’s identity, but it also makes filtering these attacks harder.

As in the example of the UDP flood, if the source address of UDP packages is constantly randomised, it’s harder to filter out malicious packages from the legitimate ones. Spoofing can also be used in more direct attacks of masquerading as another device or user in order to sidestep authentication or hijack a user’s session.

Well, realizing that I know next to nothing about the topic of digital security didn’t help with the anxiety, here is a collection of good lentil recipes. I think I’ll have to ask my friend for a few lessons.

Sources: