Re: HTTP over both TCP and UDP



David Schwartz <davids@xxxxxxxxxxxxx> writes:

On Apr 30, 4:33 am, Maxwell Lol <nos...@xxxxxxxxxxx> wrote:

And since we are talking about a denial of service attack,
the only way to protect the system is to retain state.
TCP retains state. You have to add state to a UDP service to prevent a DDoS.

Quite the opposite. You can refuse to retain state. If the UDP
protocol specifies that a UDP packet that doesn't match a retained
state is silently discarded, you don't need to maintain any state
about the attack to quickly drop all the attack packets.

You make no sense.

If it doesn't match a retained state, then you
are using state to determine if the datagram is valid.

Explain HOW you think this would work.
I want to see exactly what you are thinking.

You have a UDP web server listening to port 80.
A packet arrives. It asks for an image.


Now give me the algorithm you will use to determine if this is a
valid UDP packet, or a packet from someone trying to overload your server.


So now you have 100,000,000,000 incoming UDP packets, and 0.1% are from
normal clients.

If someone can bomb you with so many UDP packets your network is
overwhelmed, you're screwed whether you are listening for those
packets or not.

SYN floods are not new, and there exist ways to protect servers from them.

See the Wikipedia article.

So TCP-based servers do not have this problem.

UDP-based servers cannot limit incoming connections unless they
authenticate the packet (which uses CPU resources and/or requires
retaining state).
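An added example, not part of the thread and not any poster's code: one way a UDP service can authenticate the source address of a datagram while keeping no per-client state, at the cost of one HMAC per packet. The datagram layout (cookie followed by request), the 60-second window and all names are assumptions made for illustration; it does nothing for a link that is already saturated.

```python
import hashlib
import hmac
import os
import struct

SECRET = os.urandom(32)  # single server-wide key; no per-client table is kept
WINDOW = 60              # cookie lifetime granularity in seconds (assumed)
TAG_LEN = 16
COOKIE_LEN = 4 + TAG_LEN


def _tag(addr, epoch, secret):
    msg = f"{addr[0]}|{addr[1]}|{epoch}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:TAG_LEN]


def make_cookie(addr, now, secret=SECRET):
    """epoch || HMAC(secret, ip|port|epoch): bound to the claimed source."""
    epoch = int(now) // WINDOW
    return struct.pack("!I", epoch) + _tag(addr, epoch, secret)


def check_cookie(cookie, addr, now, secret=SECRET):
    if len(cookie) != COOKIE_LEN:
        return False
    (epoch,) = struct.unpack("!I", cookie[:4])
    current = int(now) // WINDOW
    if epoch not in (current, current - 1):  # expired or from the future
        return False
    return hmac.compare_digest(cookie[4:], _tag(addr, epoch, secret))


def handle_datagram(data, addr, now, secret=SECRET):
    """Return (action, payload) for one datagram laid out as cookie || request."""
    if len(data) < COOKIE_LEN:
        return ("drop", b"")  # never answer with more bytes than were sent
    cookie, request = data[:COOKIE_LEN], data[COOKIE_LEN:]
    if check_cookie(cookie, addr, now, secret):
        return ("serve", request)
    # Unknown sender: send back only a cookie. A spoofed source never sees it.
    return ("challenge", make_cookie(addr, now, secret))
```

A client sends its first request with a zeroed cookie field, receives the challenge at its real address, and repeats the request with the returned cookie.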
