First page Back Continue Last page Summary Graphics

UDP Flood


The UDP protocol is especially useful as a denial-of-service tool. Unlike TCP, UDP is stateless. Flow control mechanisms aren't included. There are no connection state flags. Datagram sequence numbers aren’t used. No information is maintained on which packet is expected next. It’s relatively easy to keep a system so busy responding to incoming UDP probes that no bandwidth is left for legitimate network traffic.

Because UDP services are inherently less secure than TCP services, many sites disable all UDP ports which aren't absolutely necessary. As mentioned earlier, almost all common Internet services are TCP-based.