Advertisement
Help Keep Boards Alive. Support us by going ad free today. See here: https://subscriptions.boards.ie/.
https://www.boards.ie/group/1878-subscribers-forum

Private Group for paid up members of Boards.ie. Join the club.
Hi all, please see this major site announcement: https://www.boards.ie/discussion/2058427594/boards-ie-2026

Why would an Admin block UDP?

  • 27-05-2004 03:34PM
    #1
    IronMan
    Closed Accounts Posts: 598 ✭✭✭


    Hello
    Just doing an e-commerce exam tomoorow, and was looking over a past paper. Simple question, why is firewall security tougher to implement when UDP is used. I realise the strucuture of UDP, it being a connectionless protocol and used for specific applications. But I would like a number of suggestions as to why they would specifically block most UDP connections both incoming and outgoing, while letting almost all TCP connections through?

    Any few pointers or tips would be most appreciated!
    Cheers


Comments

  • #2
    jank
    Banned (with Prison Access) Posts: 13,016 ✭✭✭✭jank


    DNS uses udp as far as i know so u cant use the net (probably ways around it) but i dont really know the specifics about what you want to know!

    Most traffic is udp also

    do a google!!


  • #3
    theciscokid
    Closed Accounts Posts: 1,006 ✭✭✭theciscokid


    Well dns uses udp port 53 and alot of firewalls permit traffic coming from udp port 53..

    so if an attacker spoofs source port 53 it can allow traffic in , same goes for the ftp data tcp port 20..

    udp can be just as dangerous as tcp ports, for example port 161 can be easily targeted, snmp can be a very powerful weapon to use against a companies network..

    tools such as braa, onesixtyone and ADMsnmp come to mind..

    i'm not sure if thats the answer you wanted so overall its dangerous having them open if they aren't needed, some goes with tcp, but usually tcp ports are left open when theres services needed and known about..

    as jank says, alot of programs use udp that people don't know about, i mean you'd be very surprised how many companies scan for open tcp ports and don't even bother with udp :)


  • #4
    Gavin
    Registered Users, Registered Users 2 Posts: 4,660 ✭✭✭Gavin


    As you say UDP is a connectionless protocol. A stateful firewall works by maintaining records of current connections. this is straight forward with tcp, as it is a connectionful(?) protocol. Tracking UDP connections is not really doable, as UDP doesn't have connections as such.

    So on a firewall, were you to only allow established connections for example, this would not be possible with UDP, as there is no record of a previous outgoing connection in order to allow incoming packets. So with TCP you can allow only those connections that have been initiated from inside the firewall, whereas you can't do it as easily as with UDP.

    Gav


Advertisement