What is a UDP Flood Attack?

User Datagram Protocol (UDP) is a connectionless, unreliable protocol used in computer networks. It operates on the transport layer of the Internet Protocol (IP) and provides fast, efficient data transfer across networks. Unlike TCP – its more reliable counterpart – UDP does not provide end-to-end reliability or flow control.

A UDP flood attack is a type of Distributed Denial of Service (DDoS) attack in which an attacker sends a large number of User Datagram Protocol (UDP) packets to a target port, causing the server to become overwhelmed and unable to respond to legitimate requests. This results in the target system becoming unresponsive.

How does a UDP flood attack work?

A UDP flood attack works by overwhelming a targeted system with User Datagram Protocol (UDP) packets. An attacker will send a large number of UDP packets with random data to the target port.

The receiving host checks unreachable applications and ports (by design by the attacker) associated with these datagrams and responds back with a “Destination Unreachable” response. The attackers may also spoof the return IP address making it unreachable as well. As more and more such packets are received, the server becomes flooded and unable to process legitimate requests or respond to other client requests.

Application, Layer 7 DDoS Attacks

How can a UDP flood attack be mitigated?

A UDP flood attack can be mitigated by utilizing a variety of methods. One of the most effective measures is to implement rate-limiting on incoming traffic. Rate-limiting is a technique that allows the server to limit the number of packets sent by each individual source address over a certain period of time. However, rate limiting may prevent legitimate traffic during surge conditions.

Radware DDoS protection (DefensePro, Cloud DDoS Protection Service), WAF (AppWall and Cloud WAF) and application delivery (Alteon with integrated WAF) solutions mitigate UDP Flood attacks by using machine-learning and behavioral-based algorithms to understand what constitutes a legitimate behavior profile and then automatically block malicious attacks. Radware manages user connections effectively without impacting legitimate requests, increasing protection accuracy while minimizing false positives and disruption to legitimate users.

Contact Radware Sales

Our experts will answer your questions, assess your needs, and help you understand which products are best for your business.

Already a Customer?

We’re ready to help, whether you need support, additional services, or answers to your questions about our products and solutions.

Get Answers Now from KnowledgeBase
Get Free Online Product Training
Engage with Radware Technical Support
Join the Radware Customer Program

Get Social

Connect with experts and join the conversation about Radware technologies.

Security Research Center