
Glossary - U


UDP Flood

During a UDP flood, a victim server receives spoofed UDP packets at a very high packet rate and from a large range of source IP addresses. The victim server is overwhelmed by the large number of incoming UDP packets. The attack consumes network resources and available bandwidth, exhausting the network until it shuts down. UDP does not use a full communication handshake to exchange data, which makes UDP attacks difficult to detect and extremely effective at flooding network bandwidth. UDP floods can overwhelm a network with packets containing randomized or fixed source IP addresses, and can be designed to target a specific server by using the victim’s information as the destination port and IP address within the packets.

UDP Fragmentation

A variation of the UDP flood. The attacker uses large packets (1500 bytes) to consume more bandwidth with fewer packets. Because these fragmented packets are forged and bear no real relationship to one another for reassembly, the victim server receiving them spends CPU resources trying to “reassemble” useless packets. This often causes the processors to overload and sometimes reboots the entire system. This attack is harder to identify because it resembles legitimate traffic.
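
Fragments that can never be reassembled are the one thing that separates this traffic from legitimate fragmented traffic, so a defender can measure it. The following is an added example, not part of the original glossary: it groups fragment records by source, destination and IP ID and reports, per destination, how many datagrams cannot be put back together. The record layout, the thresholds and the sample data are assumptions made for illustration, and the records are assumed to come from a closed capture window, so a missing fragment is not simply still in flight.

```python
from collections import defaultdict

# Constructed sample records (documentation address ranges), not captured traffic:
# (src_ip, dst_ip, ip_id, fragment_offset_bytes, more_fragments_flag, payload_len)
SAMPLE = [
    # A real 3000-byte datagram split into three fragments that fit together.
    ("198.51.100.7", "192.0.2.10", 4001, 0, True, 1480),
    ("198.51.100.7", "192.0.2.10", 4001, 1480, True, 1480),
    ("198.51.100.7", "192.0.2.10", 4001, 2960, False, 40),
    # Fragments with no siblings: first-only, middle-only, last-only, and a hole.
    ("203.0.113.5", "192.0.2.10", 9, 0, True, 1480),
    ("203.0.113.66", "192.0.2.10", 77, 1480, True, 1480),
    ("203.0.113.91", "192.0.2.10", 512, 2960, False, 1480),
    ("203.0.113.5", "192.0.2.10", 10, 0, True, 1480),
    ("203.0.113.5", "192.0.2.10", 10, 2960, False, 100),
    # An unfragmented datagram to a second server.
    ("198.51.100.9", "192.0.2.20", 17, 0, False, 512),
]

def can_reassemble(frags):
    """frags: (offset, more_fragments, length) tuples sharing one IP ID."""
    expected, finished = 0, False
    for offset, more, length in sorted(set(frags)):  # set() drops retransmits
        if offset > expected or finished:  # hole, or data after the last fragment
            return False
        expected = max(expected, offset + length)
        finished = not more
    return finished  # False when the final fragment never arrived

def fragment_report(records, min_datagrams=3, max_bad_ratio=0.5):
    """Per destination: count datagrams whose fragments cannot be reassembled."""
    groups = defaultdict(list)
    for src, dst, ip_id, offset, more, length in records:
        groups[(src, dst, ip_id)].append((offset, more, length))
    totals = defaultdict(lambda: [0, 0])  # dst -> [datagrams, unreassemblable]
    for (_, dst, _), frags in groups.items():
        totals[dst][0] += 1
        totals[dst][1] += not can_reassemble(frags)
    return {dst: {"datagrams": n, "unreassemblable": bad,
                  "suspicious": n >= min_datagrams and bad / n > max_bad_ratio}
            for dst, (n, bad) in totals.items()}

if __name__ == "__main__":
    for dst, stats in fragment_report(SAMPLE).items():
        print(dst, stats)
```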