www.cloudflare.com
Open in
urlscan Pro
2606:4700::6810:7c60
Public Scan
Submitted URL: https://updates.cloudflare.com/api/mailings/click/PMRGSZBCHI4DANZUGMZDQLBCOVZGYIR2EJUHI5DQOM5C6L3XO53S4Y3MN52WIZTMMFZGKLTDN5WS6...
Effective URL: https://www.cloudflare.com/en-gb/learning/ddos/udp-flood-ddos-attack/
Submission: On June 13 via api from US — Scanned from DE
Effective URL: https://www.cloudflare.com/en-gb/learning/ddos/udp-flood-ddos-attack/
Submission: On June 13 via api from US — Scanned from DE
Form analysis
0 forms found in the DOMText Content
+49 89 2555 2276 | Support | Log In | Log In | Why CloudflareSolutionsProductsDocumentationPricingPartners Support Under Attack? Sales: +49 89 2555 2276 Sign UpContact Sales Sign UpUnder Attack? UDP FLOOD ATTACK A UDP flood can overwhelm both a server and the firewall protecting it. LEARNING CENTER * What is a DDoS Attack? * What is a DDoS Botnet? * Common DDoS Attacks * Flood Attacks * DDoS Attack Tools * Glossary * Insights LEARNING OBJECTIVES After reading this article you will be able to: * Define a UDP flood DDoS attack * Be able to explain how a UDP flood attack works * Understand several mitigation strategies for UDP Floods Related Content -------------------------------------------------------------------------------- DNS Flood SYN Flood Attack HTTP Flood Famous DDoS Attacks Malware Copy article link WHAT IS A UDP FLOOD ATTACK? A UDP flood is a type of denial-of-service attack in which a large number of User Datagram Protocol (UDP) packets are sent to a targeted server with the aim of overwhelming that device’s ability to process and respond. The firewall protecting the targeted server can also become exhausted as a result of UDP flooding, resulting in a denial-of-service to legitimate traffic. HOW DOES A UDP FLOOD ATTACK WORK? A UDP flood works primarily by exploiting the steps that a server takes when it responds to a UDP packet sent to one of it’s ports. Under normal conditions, when a server receives a UDP packet at a particular port, it goes through two steps in response: 1. The server first checks to see if any programs are running which are presently listening for requests at the specified port. 2. If no programs are receiving packets at that port, the server responds with a ICMP (ping) packet to inform the sender that the destination was unreachable. A UDP flood can be thought of in the context of a hotel receptionist routing calls. First, the receptionist receives a phone call where the caller asks to be connected to a specific room. The receptionist then needs to look through the list of all rooms to make sure that the guest is available in the room and willing to take the call. Once the receptionist realizes that the guest is not taking any calls, they have to pick the phone back up and tell the caller that the guest will not be taking the call. If suddenly all the phone lines light up simultaneously with similar requests then they will quickly become overwhelmed. As each new UDP packet is received by the server, it goes through steps in order to process the request, utilizing server resources in the process. When UDP packets are transmitted, each packet will include the IP address of the source device. During this type of DDoS attack, an attacker will generally not use their own real IP address, but will instead spoof the source IP address of the UDP packets, impeding the attacker’s true location from being exposed and potentially saturated with the response packets from the targeted server. As a result of the targeted server utilizing resources to check and then respond to each received UDP packet, the target’s resources can become quickly exhausted when a large flood of UDP packets are received, resulting in denial-of-service to normal traffic. HOW IS A UDP FLOOD ATTACK MITIGATED? Most operating systems limit the response rate of ICMP packets in part to disrupt DDoS attacks that require ICMP response. One drawback of this type of mitigation is that during an attack legitimate packets may also be filtered in the process. If the UDP flood has a volume high enough to saturate the state table of the targeted server’s firewall, any mitigation that occurs at the server level will be insufficient as the bottleneck will occur upstream from the targeted device. HOW DOES CLOUDFLARE MITIGATE UDP FLOOD ATTACKS? In order to mitigate UDP attack traffic before it reaches its target, Cloudflare drops all UDP traffic not related to DNS at the network edge. Because Cloudflare’s Anycast network scatters web traffic across many Data Centers, we have sufficient capacity to handle UDP flood attacks of any size. Learn more about Cloudflare DDoS Protection. Sales * Enterprise Sales * Become a Partner * Contact Sales: * +49 89 2555 2276 About DDoS Attacks * What is a DDoS Attack? * What is a DDoS Botnet? * Famous DDoS Attacks * DDoS Mitigation DDoS Attacks * Memcached DDoS Attack * NTP Amplification Attack * DNS Amplification Attack * SSDP Attack * Low and Slow Attack * Application Layer Attack * Layer 3 Attacks * Cryptocurrency Attacks * Ransom DDoS attack * Smurf Attack (historic) * Ping of Death (historic) * ACK Flood Attack * DNS Flood * HTTP Flood * Ping (ICMP) Flood Attack * QUIC Flood Attack * SYN Flood Attack * UDP Flood Attack DDoS Attack Tools * How to DDoS * Low Orbit Ion Cannon * High Orbit Ion Cannon * R U Dead Yet? (R.U.D.Y.) * Slowloris Attack * DDoS Booter/IP Stresser * IP Spoofing * Malware * Mirai Botnet DDoS Glossary * Denial Of Service * Blackhole Routing * OSI Model * TCP/IP * ICMP * HTTP * Web Application Firewall (WAF) * User Datagram Protocol (UDP) * Layer 7 * Internet Of Things (IOT) Learning Center Navigation * Learning Center Home * DNS Learning Center * CDN Learning Center * Serverless Learning Center * Security Learning Center * Performance Learning Center * SSL Learning Center * Bots Learning Center * Cloud Learning Center * Access Management Learning Center * Network Layer Learning Center * Privacy Learning Center * Video Streaming Learning Center * Email Security Learning Center © 2022 Cloudflare, Inc.Privacy PolicyTerms of UseReport Security IssuesCookie PreferencesTrademark OUR SITE USES COOKIES Like most websites, we use cookies to make our site work the way you expect it to, improve your experience on our site, analyze site usage, and assist in our marketing efforts. By choosing "Accept", you agree to the storing of all categories of cookies on your device. If you wish to reject some or all categories of cookies, please click "More Options" Cookie Preferences Reject All Accept All Cookies