MazeBolt eBook - The Hidden DDoS Risk in Every DDoS Defense System

Is Your Network Configured to Prevent Damaging Downtime?

Many enterprises allocate significant resources to prevent damaging DDoS attacks – only to discover that critical gaps still exist. MazeBolt’s latest eBook explores some of the different aspects of network configuration that can leave organizations highly exposed to damaging downtime – even if they have premium DDoS protections deployed.


One example of a network configuration that typically leaves organizations highly exposed to DDoS attacks relates to User Datagram Protocol (UDP) traffic. Security teams tend to focus less on UDP traffic than on TCP traffic, and this can leave organizations highly vulnerable. Let’s explore why.

What is a UDP Small Packet DDoS Flood?

A UDP Small Packet Flood is a type of DDoS attack that sends a massive volume of small UDP packets to a target network. Individually these packets are tiny – but when sent in large amounts, they can overwhelm the target’s network resources.

Attackers typically exploit devices or systems with weak security measures in place, making it possible to launch attacks without detection. The small UDP packets contain little to no payload, but the volume is enough to clog up the target’s network bandwidth, routers, and firewalls – causing damaging downtime.

How UDP Small Packet Floods Work

Attackers initiate the flood by sending a high number of small UDP packets to random ports on the target server. Each packet is between 64 and 128 bytes, small enough to slip past the traditional traffic analysis methods used by DDoS protections that focus on filtering out large payloads.

The target’s network infrastructure is designed to handle traffic within normal load limits. However, when it receives thousands or millions of these small UDP packets, it begins to exhaust its resources. This strain causes congestion, resulting in slower response times, packet loss, or complete network shutdowns.

Recognizing Malicious Traffic on UDP

In some cases, DDoS protection solutions may be unable to identify whether traffic arriving over UDP is legitimate. If the vendor hasn’t specifically configured the network to recognize malicious traffic on UDP, any DDoS attack that uses UDP will not be identified by the DDoS protection solution.

Keep in mind that most volumetric attacks go through UDP. As a result, if the network isn’t configured to recognize malicious traffic on UDP, this creates a high level of vulnerability.
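The two sections above describe a flood that is small per packet but enormous in packet count and port spread, and a protection layer that only looks at byte volume. The following is an added example, not code from MazeBolt’s eBook or from any vendor product: a small Python detector that aggregates UDP records into one-second windows per destination and alerts on packet rate, mean packet size and distinct destination ports, while a bandwidth-only rule on the same data stays silent. The record format (`<ts> <proto> <src_ip> <dst_ip> <dst_port> <ip_len>`) and all sample traffic are constructed for the example; the thresholds are illustrative starting points, not recommended production values.

```python
"""Small-packet UDP flood detector over constructed per-packet log lines.

Detects on packets per second, mean datagram size and destination-port
spread, which is what a 64-128 byte flood looks like; a bandwidth-only
rule on the same window is shown for contrast.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    dst_ip: str
    second: int
    packets: int
    mean_size: float
    distinct_dports: int
    bits: int


def build_sample_log():
    """Constructed records in a hypothetical format (not a vendor schema):
    "<ts> <proto> <src_ip> <dst_ip> <dst_port> <ip_len>"."""
    lines = []
    # Benign background: 20 DNS queries/second to 198.51.100.10:53, 100-480 bytes.
    for sec in (1000, 1001, 1002):
        for i in range(20):
            lines.append(f"{sec + i / 20:.2f} UDP 203.0.113.{i + 1} 198.51.100.10 53 {100 + 20 * i}")
    # Flood during second 1001: 400 datagrams of 64-128 bytes from spoofed sources
    # to scattered high ports. Deterministic so the numbers are reproducible.
    for i in range(400):
        lines.append(
            f"{1001 + i / 400:.4f} UDP 192.0.2.{1 + i % 254} 198.51.100.10 "
            f"{1024 + (i * 97) % 60000} {64 + i % 65}"
        )
    return lines


def _udp_buckets(lines):
    """Aggregate UDP records into per-(dst_ip, second) counters."""
    buckets = defaultdict(lambda: {"pkts": 0, "bytes": 0, "dports": set()})
    for line in lines:
        ts, proto, _src, dst, dport, size = line.split()
        if proto != "UDP":
            continue
        b = buckets[(dst, int(float(ts)))]
        b["pkts"] += 1
        b["bytes"] += int(size)
        b["dports"].add(int(dport))
    return buckets


def detect_small_packet_flood(lines, pps_threshold=200, max_mean_size=128, min_dports=50):
    """Flag one-second windows whose UDP traffic is high-rate, small on average
    and spread across many destination ports. Thresholds are illustrative;
    tune them against a baseline of the network's real UDP traffic."""
    alerts = []
    for (dst, sec), b in sorted(_udp_buckets(lines).items()):
        mean_size = b["bytes"] / b["pkts"]
        if (b["pkts"] >= pps_threshold and mean_size <= max_mean_size
                and len(b["dports"]) >= min_dports):
            alerts.append(Alert(dst, sec, b["pkts"], mean_size, len(b["dports"]), b["bytes"] * 8))
    return alerts


def peak_udp_bits_per_second(lines, dst_ip):
    """Peak UDP bit rate toward dst_ip over any one-second window."""
    return max((b["bytes"] * 8 for (dst, _), b in _udp_buckets(lines).items()
                if dst == dst_ip), default=0)


def exceeds_bandwidth_threshold(lines, dst_ip, bps_threshold):
    """A bandwidth-only rule of the kind that misses small-packet floods."""
    return peak_udp_bits_per_second(lines, dst_ip) > bps_threshold


if __name__ == "__main__":
    log = build_sample_log()
    for a in detect_small_packet_flood(log):
        print(f"ALERT {a.dst_ip} t={a.second}: {a.packets} pps, mean {a.mean_size:.1f} B, "
              f"{a.distinct_dports} dst ports, {a.bits / 1e6:.2f} Mbps")
    print("1 Mbps bandwidth rule fired:",
          exceeds_bandwidth_threshold(log, "198.51.100.10", 1_000_000))
```

In the constructed data the flood second carries 420 UDP packets averaging about 105 bytes across 401 distinct destination ports, yet only about 0.35 Mbps, so a 1 Mbps bandwidth rule never fires while the rate-and-size rule does. In practice the same three features are available from NetFlow/IPFIX or sFlow exports, and the baseline for each threshold should come from the site’s own legitimate UDP services (DNS, VoIP, VPN) rather than from fixed numbers.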

Work with the Experts – Eliminate DDoS Vulnerabilities

Failing to configure the network to recognize malicious traffic on UDP is a common pitfall in network configuration that can lead to damaging DDoS downtime. MazeBolt’s latest eBook focuses on the best practices to follow in order to avoid the most common pitfalls in network configuration. We explore issues such as:

  • Ensuring that layer 3 and layer 4 attacks are blocked before they reach a stateful device
  • Configuring the network to identify HTTPS traffic
  • Ensuring VPN traffic is allowed only from legitimate sources and directed only to the VPN server
  • Checking pipeline bandwidth, if you are working in an on-prem-only environment

Careful and optimized network configuration is crucial to protecting your organization from attack and maintaining the continuity of critical online services. Learn from MazeBolt’s experts to gain further insights from their experience managing over 100,000 hours of annual DDoS attack simulations.

Read the security professional’s guide to configuring your network for robust DDoS defense. Download the eBook!
