One 、UDP Flood Attack principle

UDP Flood It is an increasingly rampant flow type DoS attack , The principle is also simple . It is common to use a large number of UDP Impact bag DNS Server or Radius Authentication server 、 Streaming video server . 100k pps Of UDP Flood Often break down the backbone equipment on the line, such as firewall , Cause the paralysis of the whole network segment . because UDP Protocol is a connectionless service , stay UDP FLOOD In attack , An attacker can send a large number of forged sources IP Small address UDP package . however , because UDP The protocol is connectionless , So just open one UDP If the port provides relevant services , Then you can attack related services .

In normal application ,UDP Packet traffic will be basically equal in both directions , And the size and content are random , Changed a lot . appear UDP Flood Under the circumstances , For the same goal IP Of UDP There are a lot of bags on one side , And the content and size are fixed .

Two 、UDP Flood defense

UDP Deal with the TCP Different agreements , Is a connectionless protocol , also UDP There are a variety of application protocols , It's very different , So for UDP Flood It's very difficult to protect . Its protection shall be treated according to specific conditions ：

Determine package size , If it is a large packet attack, use prevention UDP Fragmentation method ： Set the packet fragment reassembly size according to the attack packet size , Usually not less than 1500. In extreme cases , Consider discarding all UDP debris .

The attack port is the service port ： According to the business UDP Maximum package length setting UDP Maximum packet size to filter abnormal traffic .

The attack port is a non service port ： One is to discard all UDP package , May injure normal business ; One is to establish UDP Connection rules , It requires that all the... Going to this port UDP package , Must first be with TCP Port establishment TCP Connect . However, this method needs to be supported by a professional firewall or other protective equipment .

Hand in hand Chi net Explore together “ What cool things can you do with a server ？”