www.cloudflare.com
2606:4700::6810:7c60  Public Scan

Submitted URL: https://updates.cloudflare.com/api/mailings/click/PMRGSZBCHI4DANZUGMZDQLBCOVZGYIR2EJUHI5DQOM5C6L3XO53S4Y3MN52WIZTMMFZGKLTDN5WS6...
Effective URL: https://www.cloudflare.com/en-gb/learning/ddos/udp-flood-ddos-attack/
Submission: On June 13 via api from US — Scanned from DE

Form analysis 0 forms found in the DOM

Text Content




UDP FLOOD ATTACK

A UDP flood can overwhelm both a server and the firewall protecting it.


LEARNING OBJECTIVES

After reading this article you will be able to:

 * Define a UDP flood DDoS attack
 * Explain how a UDP flood attack works
 * Understand several mitigation strategies for UDP floods



WHAT IS A UDP FLOOD ATTACK?

A UDP flood is a type of denial-of-service attack in which a large number of
User Datagram Protocol (UDP) packets are sent to a targeted server with the aim
of overwhelming that device’s ability to process and respond. The firewall
protecting the targeted server can also become exhausted as a result of UDP
flooding, resulting in a denial-of-service to legitimate traffic.


HOW DOES A UDP FLOOD ATTACK WORK?

A UDP flood works primarily by exploiting the steps that a server takes when it
responds to a UDP packet sent to one of its ports. Under normal conditions,
when a server receives a UDP packet at a particular port, it goes through two
steps in response:

 1. The server first checks to see if any programs are running which are
    presently listening for requests at the specified port.
 2. If no programs are receiving packets at that port, the server responds with
    an ICMP (ping) packet to inform the sender that the destination was
    unreachable.

A UDP flood can be thought of in the context of a hotel receptionist routing
calls. First, the receptionist receives a phone call where the caller asks to be
connected to a specific room. The receptionist then needs to look through the
list of all rooms to make sure that the guest is available in the room and
willing to take the call. Once the receptionist realizes that the guest is not
taking any calls, they have to pick the phone back up and tell the caller that
the guest will not be taking the call. If suddenly all the phone lines light up
simultaneously with similar requests then they will quickly become overwhelmed.

As each new UDP packet is received by the server, it goes through these steps in
order to process the request, utilizing server resources in the process. When
UDP packets are transmitted, each packet will include the IP address of the
source device. During this type of DDoS attack, an attacker will generally not
use their own real IP address, but will instead spoof the source IP address of
the UDP packets. This keeps the attacker's true location from being exposed and
from potentially being saturated with the response packets from the targeted
server.

Because the targeted server uses resources to check and then respond to each
received UDP packet, the target’s resources can quickly become exhausted when a
large flood of UDP packets is received, resulting in denial-of-service to
normal traffic.


HOW IS A UDP FLOOD ATTACK MITIGATED?

Most operating systems limit the response rate of ICMP packets in part to
disrupt DDoS attacks that require an ICMP response. One drawback of this type of
mitigation is that during an attack legitimate packets may also be filtered in
the process. If the UDP flood has a volume high enough to saturate the state
table of the targeted server’s firewall, any mitigation that occurs at the
server level will be insufficient as the bottleneck will occur upstream from the
targeted device.
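
The two-step response and the ICMP rate limit described above are both visible in a Linux host's counters. The following is an added example, not part of the original article: it compares two snapshots in the /proc/net/snmp layout to measure how many datagrams hit closed ports and how many ICMP unreachable replies were actually sent. The snapshot values, the trimmed field set and the 10,000 pps threshold are constructed assumptions.

```python
# Added example. Snapshots are constructed and trimmed to a few fields;
# a real /proc/net/snmp has more protocols and more counters per line.
SNAP_T0 = """\
Icmp: InMsgs OutMsgs OutDestUnreachs
Icmp: 120 95 40
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 50000 40 0 48000
"""

SNAP_T1 = """\
Icmp: InMsgs OutMsgs OutDestUnreachs
Icmp: 130 705 640
Udp: InDatagrams NoPorts InErrors OutDatagrams
Udp: 50900 900040 0 48800
"""


def parse_snmp(text):
    """Parse header/value line pairs into {protocol: {counter: int}}."""
    lines = [line for line in text.splitlines() if line.strip()]
    counters = {}
    for header, values in zip(lines[0::2], lines[1::2]):
        proto, names = header.split(":", 1)
        value_proto, numbers = values.split(":", 1)
        if proto != value_proto:
            raise ValueError(f"mismatched lines: {proto!r} vs {value_proto!r}")
        counters[proto] = dict(zip(names.split(), map(int, numbers.split())))
    return counters


def assess(before, after, interval_s, noport_pps_threshold=10_000):
    """Compare two snapshots taken interval_s seconds apart."""
    b, a = parse_snmp(before), parse_snmp(after)
    # Step 1 of the response: datagrams for which no program was listening.
    no_ports = a["Udp"]["NoPorts"] - b["Udp"]["NoPorts"]
    # Datagrams that were delivered to a listening program.
    delivered = a["Udp"]["InDatagrams"] - b["Udp"]["InDatagrams"]
    # Step 2: ICMP destination-unreachable replies that actually went out.
    unreach = a["Icmp"]["OutDestUnreachs"] - b["Icmp"]["OutDestUnreachs"]
    return {
        "noport_pps": no_ports / interval_s,
        "delivered_pps": delivered / interval_s,
        "icmp_unreach_pps": unreach / interval_s,
        # Far below 1.0 means the OS rate limit suppressed most replies.
        "icmp_reply_ratio": unreach / no_ports if no_ports else None,
        "suspected_flood": no_ports / interval_s >= noport_pps_threshold,
    }
```

In the constructed data the host still spends work on 15,000 closed-port datagrams per second while replying to only a tiny fraction of them, which is the rate limit at work; the check runs on the host, so it says nothing about saturation of an upstream firewall.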


HOW DOES CLOUDFLARE MITIGATE UDP FLOOD ATTACKS?

In order to mitigate UDP attack traffic before it reaches its target, Cloudflare
drops all UDP traffic not related to DNS at the network edge. Because
Cloudflare’s Anycast network scatters web traffic across many Data Centers, we
have sufficient capacity to handle UDP flood attacks of any size. Learn more
about Cloudflare DDoS Protection.

© 2022 Cloudflare, Inc.