CITS3002 Computer Networks  

UDP Packet Spoofing

The User Datagram Protocol (UDP, RFC-768) is a lightweight transport protocol built on top of IP. UDP gains its performance advantage by omitting the session-based features that a heavier protocol such as TCP provides, and typically sees twice the throughput. Specifically:

  • UDP allows individual packets to be dropped (with no retries),

  • packets may be received in a different order than sent, and

  • applications using UDP typically do not establish a protocol-level session with their peers; each request/reply pair is often independent of every other.

These properties are what make a UDP service attractive to an attacker: because no session is established and nothing is retransmitted, the attacker is unconcerned about whether the reply packets ever reach them.

For example, the Network File Service (NFS) employs UDP to 'import' and 'export' file systems. NFS requests to write, delete, or change file attributes are atomic and fit in a single UDP packet. Replies return only a simple OK and a status code.

A poorly configured system may export NFS file systems so that they are visible to external hosts. An attacker may then employ IP source spoofing over UDP to modify or delete a file: the server accepts the request on the strength of its (forged) source address alone.

At the same time, an attacker may spoof their own source address in any attack where the reply packets do not matter. The attacker does not care about the OK response!
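The standard defence against the spoofed-source NFS request described above is ingress filtering at the site boundary (RFC 2827 / BCP 38): a packet arriving on the external interface can never legitimately carry a source address from the site's own address space. The following is an added illustration, not code from the lecture or from any NFS implementation; it parses a raw IPv4+UDP datagram and classifies it, assuming a hypothetical trusted LAN of 192.168.10.0/24 and NFS on its well-known UDP port 2049, with the sample packets constructed in memory.

```python
import ipaddress
import struct

# Constructed example: BCP 38-style ingress filter for the external interface.
TRUSTED_NETS = [ipaddress.ip_network("192.168.10.0/24")]  # assumption: site LAN
NFS_PORT = 2049  # well-known UDP port for NFS
PROTO_UDP = 17


def parse_ipv4_udp(pkt: bytes):
    """Return (src, dst, proto, sport, dport) from a raw IPv4 datagram, or None."""
    if len(pkt) < 20:
        return None  # too short to hold a minimal IPv4 header
    ihl = (pkt[0] & 0x0F) * 4           # header length in bytes
    proto = pkt[9]
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    if proto != PROTO_UDP or len(pkt) < ihl + 8:
        return src, dst, proto, None, None
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return src, dst, proto, sport, dport


def classify_ingress(pkt: bytes) -> str:
    """Decide what to do with a packet that arrived on the EXTERNAL interface."""
    parsed = parse_ipv4_udp(pkt)
    if parsed is None:
        return "malformed"
    src, dst, proto, sport, dport = parsed
    if any(ipaddress.ip_address(src) in net for net in TRUSTED_NETS):
        # An internal source address cannot legitimately come from outside:
        # this is the forged-source request the NFS server would otherwise trust.
        if proto == PROTO_UDP and dport == NFS_PORT:
            return "drop: spoofed-source UDP to NFS"
        return "drop: spoofed-source"
    return "accept"


def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Construct a minimal IPv4+UDP datagram (checksums left zero) as sample input."""
    udp_len = 8 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0, 64, PROTO_UDP, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    udp_hdr = struct.pack("!HHHH", sport, dport, udp_len, 0)
    return ip_hdr + udp_hdr + payload
```

Real deployments apply this check in the router or host firewall (e.g. reverse-path filtering) rather than in user code, but the decision logic is the same.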


CITS3002 Computer Networks, Lecture 11, Security of TCP/IP, p8, 15th May 2024.