On Wed, 10 Jan 1996, Steven K. Sharp wrote:
> Please forgive me if this is a stupid question, but why is UDP such a bad
> thing? Especially things like RealAudio, this uses UDP to communicate (as
> do many other programs). What security risk does UDP pose?
As someone else detailed (more eloquently) earlier:
UDP is a connectionless protocol: i.e., it does not require an established
session for packets to be sent to and fro. For lack of a simpler, easier
explanation: the sender "spews" the packets without first establishing a
connected session, while the intended (or unintended...) recipient takes
the packets based on a few limited criteria (source address, destination
address/port, etc.). RealAudio "randomizes" the UDP port that it tries to
connect to within a range. That means that to accept RealAudio on your
protected network, you must open a hole in your filter to allow UDP on a
number of ports. Because of the way other UDP-based apps were written,
this presents another vulnerability.
> I've seen that most people filter out all UDP first and then work from there
> with TCP. Would it be a gaping hole to allow it?
See above, hope it clears things up for you. The last explanation did for
me...
Chris Woods                         Systems Administrator
cjwoods @ paladin . com (office)    Paladin Computing Solutions
cjwoods @ gigotech . net (home)     http://www.paladin.com
"A computer without Windows is like a fish without a bicycle."
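
The filtering problem described in this message, as an added example that is not part of the original post: a stateless filter can admit TCP replies by requiring the ACK bit, but UDP has no such field, so a rule opened for a streaming client's port range matches any datagram aimed at that range. The port range, addresses, listener names and rule layout are constructed for illustration.

```python
# Added illustration: stateless packet-filter evaluation on header fields only.
# Port range, addresses and rule layout are constructed, not RealAudio's own.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")     # constructed protected network
STREAM_PORTS = range(7000, 7100)        # hypothetical UDP range opened for a player


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    dst: str
    dport: int
    ack: bool = False   # TCP only; UDP carries no flags at all


def inbound_verdict(pkt: Packet) -> str:
    """Decide on a packet arriving from outside the protected network."""
    if ip_address(pkt.dst) not in INSIDE:
        return "drop"
    if pkt.proto == "tcp":
        # A reply to an inside-initiated connection always carries ACK; an
        # outside-initiated SYN does not, so the filter can tell them apart.
        return "pass" if pkt.ack else "drop"
    if pkt.proto == "udp":
        # No handshake and no flags: addresses and ports are the only
        # criteria, so solicited and unsolicited datagrams look the same.
        return "pass" if pkt.dport in STREAM_PORTS else "drop"
    return "drop"


def exposed_services(listeners: dict[int, str]) -> list[str]:
    """Inside UDP listeners that the opened range makes reachable from outside."""
    return sorted(name for port, name in listeners.items() if port in STREAM_PORTS)


if __name__ == "__main__":
    samples = [  # constructed sample packets
        Packet("tcp", "198.51.100.7", "192.0.2.10", 1025, ack=True),  # reply
        Packet("tcp", "198.51.100.7", "192.0.2.10", 23),              # new inbound
        Packet("udp", "198.51.100.7", "192.0.2.10", 7042),            # stream data
        Packet("udp", "203.0.113.9", "192.0.2.10", 7042),             # unsolicited
    ]
    for p in samples:
        print(p.proto, p.src, "->", f"{p.dst}:{p.dport}", inbound_verdict(p))
```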