An Internet
transport layer protocol that is defined in STD 6, RFC 768. UDP is a
connectionless protocol, meaning that no connection back to the sender is
required. Though it is a very fast protocol, it is unreliable.
A variety of well-established services rely on communication
through UDP. The Simple Network
Management Protocol (SNMP)
sends its alarms through UDP, the Routing
Information Protocol (RIP)
exchanges routing information through UDP, and the Domain Name Service (DNS)
transports its simple request with UDP.
UDP is perfectly suited for malicious activity and hiding
the identity of the attacker through IP address spoofing
because it is connectionless.
As shown in Figure 21-1, the UDP header confirms the
simplicity (and elegance) of this protocol. Though it contains only source and
destination ports, the same rules apply to UDP source and destination ports as
to TCP ports. Source ports are typically randomly generated, so if traffic
analysis finds them to be identical, a packet-crafting tool can be suspected of
having generated these packets for some possibly malicious activity.
Destination ports are either well known or reserved, but malicious activity can
also hide behind an innocent-looking communication on these ports.
The length of the packet is contained in the UDP length
field, and a checksum ensures a level of integrity of the data.
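
The header fields and the repeated-source-port heuristic described above, as an added Python example (not part of the original glossary entry): it parses the four 16-bit header fields, checks the length field, and flags client-side source ports reused across several destinations. The threshold, the cutoff at port 1024, the helper names and the sample addresses are assumptions chosen for illustration.

```python
import struct
from collections import defaultdict

UDP_HEADER = struct.Struct("!HHHH")  # source port, destination port, length, checksum (RFC 768)

def parse_udp(segment: bytes) -> dict:
    """Parse the 8-byte UDP header and check the length field against the bytes received."""
    if len(segment) < UDP_HEADER.size:
        raise ValueError("shorter than the 8-byte UDP header")
    sport, dport, length, checksum = UDP_HEADER.unpack_from(segment)
    return {
        "sport": sport, "dport": dport, "length": length, "checksum": checksum,
        # The length field covers header plus data, so it can never be below 8.
        "length_ok": length >= UDP_HEADER.size and length == len(segment),
    }

def repeated_source_ports(records, threshold=3, first_ephemeral=1024):
    """Return {(src_ip, sport): destination count} for source ports reused across destinations.

    records: iterable of (src_ip, dst_ip, udp_segment_bytes).
    Assumption: ports below first_ephemeral belong to servers answering from a
    fixed port and are ignored; threshold is an illustrative tuning value.
    """
    seen = defaultdict(set)
    for src_ip, dst_ip, segment in records:
        hdr = parse_udp(segment)
        if hdr["length_ok"] and hdr["sport"] >= first_ephemeral:
            seen[(src_ip, hdr["sport"])].add((dst_ip, hdr["dport"]))
    return {key: len(dsts) for key, dsts in seen.items() if len(dsts) >= threshold}

def build(sport, dport, payload=b"x"):
    """Construct a sample UDP segment (checksum 0 means 'not computed' over IPv4)."""
    return UDP_HEADER.pack(sport, dport, UDP_HEADER.size + len(payload), 0) + payload

# Constructed sample traffic (documentation address ranges, not a real capture).
SAMPLE = [
    ("192.0.2.10", "198.51.100.1", build(40000, 161)),
    ("192.0.2.10", "198.51.100.2", build(40000, 161)),
    ("192.0.2.10", "198.51.100.3", build(40000, 161)),
    ("192.0.2.20", "198.51.100.1", build(51514, 53)),
    ("192.0.2.20", "198.51.100.1", build(49877, 53)),
    ("198.51.100.1", "192.0.2.20", build(53, 51514)),
]

if __name__ == "__main__":
    print(repeated_source_ports(SAMPLE))
```

A hit is a lead for review rather than proof of crafted traffic, since some legitimate clients keep one socket open for many destinations.
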
See Also:
Domain Name Service (DNS); Internet; Port and Port Numbers; Routing Information
Protocol (RIP); Simple Network Management Protocol (SNMP); Spoofing.
QUT Division of Technology, Information and Learning Support. Network Glossary.
[Online, July 17, 2003.] QUT Division of Technology, Information and Learning
Support Website. http://www.its.qut.edu.au/network/glossary.jsp.