On Wed, 10 Jan 1996, Steven K. Sharp wrote:
> Please forgive me if this is a stupid question, but why is UDP such a bad
> thing? Especially things like RealAudio, this uses UDP to communicate (as
> do many other programs). What security risk does UDP pose?
As someone else detailed (more eloquently) earlier:
UDP is a connectionless protocol: i.e., it does not require an established
session for packets to be sent to and fro. For lack of a simpler, easier
explanation: the sender "spews" the packets without first establishing a
connected session, while the intended (or unintended...) recipient takes
the packets based on a few limited criteria (source address, destination
address/port, etc). RealAudio "randomizes" the UDP port that it tries to
connect to within a range. That means that to accept RealAudio on your
protected network, you must open a hole in your filter to allow UDP on a
number of ports. Because of the way other UDP-based apps were written,
this presents another vulnerability.
> I've seen that most people filter out all UDP first and then work from there
> with TCP. Would it be a gaping hole to allow it?
See above, hope it clears things up for you. The last explanation did for
Chris Woods, Systems Administrator
Paladin Computing Solutions
http://www.paladin.com
"A computer without Windows is like a fish without a bicycle."
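The filtering problem described in the reply above, as an added example that is not part of the original mail: a stateless filter has to open a whole UDP port range to every outside source so that RealAudio replies can reach the client, which also lets unrelated datagrams reach any other UDP service listening in that range; a filter that remembers outbound requests admits only the matching reply. The hosts, port numbers and datagrams are constructed for illustration.

```python
# Added example: stateless vs. request-tracking UDP filtering.
# All addresses and ports below are constructed, not from the original mail.
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src: str
    sport: int
    dst: str
    dport: int


# Hypothetical inside host running a RealAudio client; the client picks a
# local UDP port somewhere in this (constructed) range for the stream.
INSIDE_HOST = "10.0.0.5"
CLIENT_PORT_RANGE = range(6970, 7171)


def stateless_allows(d: Datagram) -> bool:
    """A filter with no memory of earlier traffic: to let the audio stream
    in at all, it must admit UDP to the entire client port range from any
    outside source. Any other UDP listener in that range is exposed too."""
    return d.dst == INSIDE_HOST and d.dport in CLIENT_PORT_RANGE


class RequestTrackingFilter:
    """Records each outbound UDP request and admits only the reply that
    mirrors it (same outside host/port, back to the inside host/port that
    asked). Unsolicited datagrams into the range are dropped."""

    def __init__(self) -> None:
        self.pending: set[tuple[str, int, str, int]] = set()

    def outbound(self, d: Datagram) -> None:
        # Remember (inside host, inside port, outside host, outside port).
        self.pending.add((d.src, d.sport, d.dst, d.dport))

    def inbound_allows(self, d: Datagram) -> bool:
        # A reply swaps source and destination relative to the request.
        return (d.dst, d.dport, d.src, d.sport) in self.pending


def compare(inbound: Datagram, f: RequestTrackingFilter) -> tuple[bool, bool]:
    """Return (stateless verdict, request-tracking verdict) for one datagram."""
    return stateless_allows(inbound), f.inbound_allows(inbound)
```

Running `compare` on a genuine stream reply gives `(True, True)`; on an unsolicited datagram aimed at another UDP service inside the opened range it gives `(True, False)`, which is the exposure the reply warns about.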