User Datagram Protocol (UDP)
What is UDP?
User Datagram Protocol (UDP) refers to a protocol used for communication throughout the internet. It is specifically chosen for time-sensitive applications like gaming, playing videos, or Domain Name System (DNS) lookups. UDP results in speedier communication because it does not spend time forming a firm connection with the destination before transferring the data. Because establishing the connection takes time, eliminating this step results in faster data transfer speeds.
However, UDP can also cause data packets to get lost as they go from the source to the destination. It can also make it relatively easy for a hacker to execute a distributed denial-of-service (DDoS) attack.
In many cases, particularly with Transmission Control Protocol (TCP), when data is transferred across the internet, it not only has to be sent from the source, but the receiving end also has to signal that it is ready for the data to arrive. Once both of these aspects of the communication are fulfilled, the transmission can begin. However, with UDP, the data is sent before a connection has been firmly established. This can result in problems with the data transfer, and it also presents an opportunity for hackers who seek to execute DDoS attacks.
How Does UDP Work?
In comparison to other networking protocols, the process behind UDP is fairly simple. A target computer is identified and the data packets, called “datagrams,” are sent to it. There is nothing in place to indicate the order in which the packets should arrive. There is also no process for checking if the datagrams reached the destination.
Even though UDP comes with checksums, which are meant to ensure the integrity of the data, and port numbers, which help differentiate the role the data plays at the source and destination, the lack of an obligatory handshake presents a problem. The program the user is executing with the help of UDP is left exposed to unreliable facets of the underlying network.
As a result, the data may get delivered, and it may not. In addition, the order in which it arrives is not controlled, as it is in TCP, so the way the data appears at the final destination may be glitchy, out of order, or have blank spots.
However, in a situation where there is no need to check for errors or correct the data that has been sent, this may not pose a significant problem. This is one reason why UDP is used in video applications. Getting the video signal to its destination on time is worth the occasional glitches.
UDP vs. TCP
As data is transferred from one point to another, it is given a header, which tells devices what to do with it. The UDP header is a simple 8-byte fixed header. With TCP, on the other hand, the header can vary from 20 to 60 bytes. The fields for UDP port numbers are 16 bits long, giving them a range that goes from 0 up to 65535. The header consists of a 16-bit source port, a 16-bit destination port, a 16-bit length, and a 16-bit checksum. This is the information used to send the datagram toward its destination. The sending process does not involve any verification of a connection between the source and the destination.
TCP is different in that it requires a handshake between where the data originates and where it is headed. This makes TCP more reliable than UDP. In the course of a TCP communication, the data can only be sent along after the destination and source have been formally linked. With UDP, because no link is required, the data can be sent right away.
Another difference between TCP and UDP communications is that with TCP, the order in which the packets need to be received is confirmed before the transmission begins. Also, TCP provides for the confirmation that the packets arrived as intended. In the event that the packet does not arrive, TCP dictates that it needs to be sent again. UDP does not require any confirmation, checking, or resending.
If an application uses UDP, the users assume the risk of errors, the data not reaching its destination, or being duplicated. The reward for accepting this trade-off is better speed. UDP itself is not necessarily to blame for the data loss. The information in the header is sufficient to get the data where it needs to go, and the chronological order of the sending of the datagrams should keep them in order.
However, the majority of network routers are not capable of arrival confirmation or packet ordering. Data packets can get lost or duplicated. TCP accounts for this “weakness” in most network routers by making sure data gets where it is going and in the right order.
Applications of UDP
UDP is used for:
- The straightforward request/response communication of relatively small amounts of data, eliminating concerns regarding controlling errors or the flow of the packets
- Multicasting because UDP works well with packet switching
- Routing update protocols such as Routing Information Protocol (RIP)
- Real-time applications in which the information needs to be delivered quickly and smoothly
- The following implementations where it is a useful transport layer protocol:
  - Network Time Protocol (NTP)
  - Network News Protocol (NNP)
  - Dynamic Host Configuration Protocol (DHCP), Bootstrap Protocol (BOOTP)
  - Real Time Streaming Protocol (RTSP), Trivial File Transfer Protocol (TFTP), RIP
  - Quote of the Day Protocol (QOTD)
How is UDP Used in DDoS Attacks?
While UDP is arguably faster and a better solution in situations where quick, real-time data reception is a must, it also leaves the receiver open to DDoS attacks.
During a DDoS attack, a site is bombarded with enormous amounts of datagrams. Each time there is an issue, the target computer has to reply with an Internet Control Message Protocol (ICMP) packet. The site’s server cannot handle all this activity and ends up getting “clogged” like a plugged drain. This prevents legitimate communications from getting through—they get a denial of service—and renders the site useless to well-meaning customers and clients who are trying to communicate with it.
UDP leaves a site particularly vulnerable to DDoS attacks because no handshake is required between the source and destination. The source can freely bombard the destination without getting the “OK” to do so.
If an organization limits the response rate that governs when ICMP packets are sent, they can mount a defense against DDoS attacks. It is also possible to respond to UDP traffic using a network of data centers, so fake requests do not overrun a single server.
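The ICMP rate limit described above can be modelled with a token bucket. The following is an added example, not code from the original page or from any product: it assumes the ICMP replies in question are the port-unreachable messages a host returns for datagrams sent to a port with no listener, and the traffic, ports and limits are constructed.

```python
from dataclasses import dataclass

@dataclass
class TokenBucket:
    """Allows `rate` ICMP replies per second, with bursts of up to `burst`."""
    rate: float
    burst: float
    tokens: float = 0.0
    last: float = 0.0

    def __post_init__(self):
        self.tokens = self.burst  # start with a full bucket

    def allow(self, now: float) -> bool:
        # Refill for the time elapsed since the last decision, capped at `burst`.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

def replay(events, open_ports, limiter=None):
    """Replay (timestamp, dst_port) datagram arrivals and count the host's reactions."""
    stats = {"delivered": 0, "icmp_sent": 0, "icmp_suppressed": 0}
    for now, dst_port in sorted(events):
        if dst_port in open_ports:
            stats["delivered"] += 1          # handed to the listening application
        elif limiter is None or limiter.allow(now):
            stats["icmp_sent"] += 1          # host spends resources on a reply
        else:
            stats["icmp_suppressed"] += 1    # datagram dropped silently
    return stats

# Constructed traffic: 2048 datagrams in 2 seconds to a port with no listener,
# plus two legitimate datagrams to the one open port.
FLOOD = [(i / 1024, 9999) for i in range(2048)]
LEGIT = [(0.5, 53), (1.5, 53)]
OPEN_PORTS = {53}

def compare():
    unlimited = replay(FLOOD + LEGIT, OPEN_PORTS)
    limited = replay(FLOOD + LEGIT, OPEN_PORTS, TokenBucket(rate=8, burst=8))
    return unlimited, limited

if __name__ == "__main__":
    for label, stats in zip(("unlimited", "rate-limited"), compare()):
        print(label, stats)
```

The limiter bounds the host's own outbound ICMP work. It does not reduce the inbound volume, which is why the page pairs it with spreading traffic across data centers.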
How Fortinet Can Help
The way in which DDoS attacks are levied against enterprises is constantly changing. In addition, a multitude of technologies is used in the execution of the attacks. Therefore, to mount an effective defense, an organization needs a tool like FortiDDoS, which is a multilayered, dynamic security solution. With FortiDDoS, you get protection from known attack vectors, as well as zero-day attacks, and its responsive system guards your network with extremely low latency.
Also, FortiDDoS comes with analysis and reporting tools that you can use to keep stakeholders in the organization informed about the kinds of threats attempting to breach your defenses.
FortiDDoS examines the traffic bombarding your site and differentiates healthy traffic from traffic being leveraged in a DDoS attack. It then passes on the healthy traffic to your site and dismisses the malicious traffic. FortiDDoS empowers you to monitor hundreds of thousands of parameters at the same time. It also minimizes the number of false positives, saving your IT team valuable time.
What uses UDP?
UDP is frequently used when communications are time-sensitive. For users, it is better to have the overall transmission arrive on time than wait for it to get there in a near-perfect state. For this reason, UDP is commonly used in Voice over Internet Protocol (VoIP) applications as well.
For the listener, hearing what the speaker said relatively soon after it was spoken is preferable to waiting several seconds for crystal-clear speech. Similarly, with online gaming, experiencing less-than-ideal video or sound for a few moments is preferable to waiting for a clear transmission and risking losing the game in the interim.
What is the difference between TCP and UDP?
Transmission Control Protocol (TCP) requires a handshake between the sender and the receiver. TCP ensures that the data is sent in order, received, and that nothing is lost along the way. This takes more time but results in more consistent transmissions. UDP does not require any of this. It sends the data without any communication between the sender and the receiver.
Is UDP Secure?
UDP can be secure if protected by a tool like FortiDDoS. Because UDP is so susceptible to a DDoS attack, you need a solution like FortiDDoS to differentiate between healthy traffic and traffic being thrown at your server just to overwhelm it.