Saturday, May 21, 2011

UDP-flood attack

A UDP-flood attack typically exploits the target system's chargen or echo services to create an infinite loop between two or more UDP services. CERT describes UDP-flood attacks as follows:

When a connection is established between two UDP services, each of which produces output, these two services can produce a very high number of packets that can lead to a denial of service on the machine(s) where the services are offered. Anyone with network connectivity can launch an attack; no account access is needed.

For example, by connecting a host's chargen service to the echo service on the same or another machine, all affected machines may be effectively taken out of service because of the excessively high number of packets produced. In addition, if two or more hosts are so connected, the intervening network may also become congested and deny service to all hosts whose traffic traverses that network.


Countermeasure: To counteract a UDP-flood attack, disable the chargen and echo services unless and until you really need them. In addition, disable as many other non-essential UDP services as possible.
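
One way to apply this countermeasure on a host that starts its simple services from an inetd-style configuration file (an added example, not from the original post). The function names and the sample file are constructed, and the use of the classic inetd.conf field layout is an assumption about the system being audited:

```shell
#!/bin/sh
# Audit and harden an inetd-style config against the echo/chargen UDP loop.
# Assumed field layout (classic inetd.conf):
#   service  socket_type  protocol  wait|nowait  user  server  [args]

# Print "service/protocol" for every active echo or chargen entry on UDP.
find_udp_loop_services() {
    awk '
        /^[ \t]*#/ { next }                  # commented out = already disabled
        NF < 6     { next }                  # not a complete service line
        ($1 == "echo" || $1 == "chargen") && $3 ~ /^udp/ { print $1 "/" $3 }
    ' "$1"
}

# Write a hardened copy to stdout: the UDP echo/chargen lines are commented
# out, every other line is passed through unchanged.
harden_inetd_conf() {
    awk '
        !/^[ \t]*#/ && NF >= 6 &&
        ($1 == "echo" || $1 == "chargen") && $3 ~ /^udp/ { print "#" $0; next }
        { print }
    ' "$1"
}

# Constructed sample input, not taken from a real host.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
echo     stream  tcp   nowait  root  internal
echo     dgram   udp   wait    root  internal
chargen  dgram   udp   wait    root  internal
#chargen stream  tcp   nowait  root  internal
daytime  dgram   udp   wait    root  internal
EOF
}

# Demo: audit the sample, harden it, audit again.
conf=$(mktemp)
write_sample_conf "$conf"
echo "Enabled before hardening:"
find_udp_loop_services "$conf"
harden_inetd_conf "$conf" > "$conf.fixed"
echo "Enabled after hardening: $(find_udp_loop_services "$conf.fixed" | wc -l)"
rm -f "$conf" "$conf.fixed"
```

The hardened output only takes effect once it replaces the live configuration and the inetd daemon rereads it. Remaining UDP entries such as daytime in the sample are left for a manual decision on whether they are needed.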
