User Datagram Protocol (RFC768).
The UDP protocol is very similar to IP itself: it just sends datagrams from one host to another, without
trying to make the link reliable. As with IP, UDP datagrams can get lost, duplicated, or delivered out of order. Protocols using UDP that need
to be reliable have to implement retransmission after a timeout on top of UDP. For instance the DNS protocol, which implements a request/reply
protocol on top of UDP, resends the query after some time if no response was received from the DNS server.
The main abstraction that UDP adds to IP is the concept of port. With IP addresses it's possible to send data to a specific host,
but with ports it's possible to send data to a specific process of a specific host.
UDP header
This is the C structure for the UDP header:
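#include <linux/types.h>   /* __u16 */

/* All fields are carried in network byte order (big endian). */
struct udphdr {
    __u16 source;   /* source port */
    __u16 dest;     /* destination port */
    __u16 len;      /* length of UDP header plus data, in bytes */
    __u16 check;    /* checksum */
};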
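An added example, not part of the original page or of the kernel sources: reading the four header fields from received bytes, checking the length field against the bytes actually delivered, and verifying the RFC 768 checksum over the IPv4 pseudo-header. The names udp_info, rd16, sum16, udp_checksum and udp_parse are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Parsed UDP header in host byte order (field names follow struct udphdr). */
struct udp_info { uint16_t source, dest, len, check; };

/* Read one big-endian 16-bit word. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Add big-endian 16-bit words to acc; an odd trailing byte is padded with zero. */
static uint32_t sum16(const uint8_t *p, size_t n, uint32_t acc)
{
    for (; n > 1; p += 2, n -= 2) acc += rd16(p);
    if (n) acc += (uint32_t)p[0] << 8;
    return acc;
}

/* RFC 768 checksum: IPv4 pseudo-header (src, dst, zero, protocol 17, UDP length)
 * followed by the UDP header and data. src/dst are 4-byte addresses in wire order. */
uint16_t udp_checksum(const uint8_t src[4], const uint8_t dst[4],
                      const uint8_t *udp, size_t len)
{
    uint32_t acc = sum16(src, 4, 0);
    acc = sum16(dst, 4, acc);
    acc += 17 + (uint32_t)len;
    acc = sum16(udp, len, acc);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);  /* fold carries */
    return (uint16_t)~acc;
}

/* Returns 0 and fills *out if the datagram is well formed, -1 otherwise.
 * avail is the number of bytes the IP layer delivered after the IP header. */
int udp_parse(const uint8_t src[4], const uint8_t dst[4],
              const uint8_t *udp, size_t avail, struct udp_info *out)
{
    if (avail < 8) return -1;                  /* shorter than the UDP header */
    out->source = rd16(udp);
    out->dest   = rd16(udp + 2);
    out->len    = rd16(udp + 4);
    out->check  = rd16(udp + 6);
    /* len must cover the header and must not claim more than was received */
    if (out->len < 8 || out->len > avail) return -1;
    if (out->check == 0) return 0;             /* IPv4: 0 means no checksum was computed */
    /* Summing a datagram that carries a correct checksum gives 0 after the complement. */
    return udp_checksum(src, dst, udp, out->len) == 0 ? 0 : -1;
}
```

The checksum only detects corruption in transit. Every input to it, the source address included, is chosen by the sender, so a passing checksum says nothing about where the datagram really came from.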
IP spoofing and UDP
Since UDP is a datagram protocol there is no state: different UDP packets do not belong to the same connection.
If the application-level protocol is not designed for security, it's often very simple to do spoofing against protocols
implemented on top of UDP: it's as simple as spoofing with IP itself. The destination host can't tell what
the real source of the packet is, and there is nothing similar to the TCP sequence numbers (which the attacker often
can't guess, so they are not able to forge a valid packet).
See also IP, TCP, ICMP