UDP - DDoS Protection

It is common knowledge that nowadays many developing companies, game publishers or even independent developers tends to choose UDP Protocol as their standard for their internet driven applications.

Although, compared with the TCP Protocol, the UDP Protocol does have its advantages and disadvantages, and we can (to enlighten the readers), enumerate a few of them here:

Key Advantages:

1. - Low latency between data exchange in both endpoints (server / client).
2. - High flexibility in protocol development.
3. - Connection less protocol, direct data exchange between both endpoints (server / client).
4. - Perfect for voice/video streaming based applications, or latency sensitive games (generally FPS in most cases).

Key Disadvantages:

1. - Since it is a connection less protocol, there is no session validation between connections, it means at any time one may start data transmission without passing through a handshake algorithm like TCP.
2. - No packet ordering guaranteed, this must be implemented and handled by the developer itself, while in TCP this is a mature feature, ensuring all packets are received in the same order as they have originated from the source.
3. - Vulnerabilities of all types when it comes to DDoS Attacks, either by the written applications acting as amplification vector for DDoS Attacks or being a target from these vectors (Such as DNS Amplification, NTP Amplification, Chargen Amplification, SNMP Amplification and much more, as there are dozens of vulnerable computers on the internet, ready to be used as amplification vectors). Also, still on this subject, these applications are often target of customized attacks, coded targeting the application in order to either cause resource exhaustion at the server-side or even a complete downtime. It is important to say, that while TCP adds a response time overhead in it's packet transmissions, it is much safer than UDP in these matters, due to the protocol design itself, removing this responsibility from the developers back.

An example of a customized/scripted UDP DDoS Attack towards a TeamSpeak voice server:



The solution:

Nowadays, we (HyperFilter), are working in our own DDoS Appliances, focused in helping the developers which depends/require of the usage of UDP Protocol based applications. We're capable in conjunction with them, to add behavior detection techniques in the middle of the communication and "identify" and "separate" the real user traffic, from forged/spoofed custom attacks, keeping their applications stable.

If you are running in troubles with UDP based DDoS Attacks, we are open to discuss with you, implementation plans, to improve and solve these issues in your corporation, keeping your business project rock solid, while you focus in the real objective, which is your business by itself. :)

Our engineering support team will always be looking forward to help you in any sort issues you may incur related to these types of attacks.