Re: Why TCP is more secure than UDP?



I'll try and illustrate a security difference. Let's say I have a
service called "Echo" that runs on both udp port 7 and tcp port 7 on
two machines on my lan (192.168.1.1 or "Larry" and 192.168.1.2 or
"Curly".) Suppose this service just echoes back any packet I send it.
Suppose my tricky friend "Moe" is across the internet at 10.0.0.1 (Oh
yeah - and let's also suppose these are not rfc 1918 addresses.) Moe's
router and ISP are configured kinda loosely and don't really care
about source addresses, just destination.

If Moe uses a UDP packet with source 192.168.1.2 and destination
192.168.1.1, his first packet could (if my router configs are a
little loose) get that packet to Larry, the content of that packet
"SLAP" will get echoed to Curly who will then SLAP Larry who will
then SLAP Curly ad infinitum. Burning network and CPU until noticed.
(Works well actually with port 19 and Chargen as one of the ports and
7 as the other.)

If Moe uses a tcp packet with source 192.168.1.2 and a destination
of 192.168.1.1, his packet will get to Larry and Larry will try and
handshake with Curly who won't have any idea of what's going on and
stop the transaction.

It's easy for Moe to "spoof" either udp or tcp but the udp packet is
more fun for Moe.

Luck,
Buz


On 7/10/07, pal_adam@xxxxxxx <pal_adam@xxxxxxx> wrote:
Hi

I don't understand what you mean by spoofing, since whether you use UDP or TCP the underlying layer still remains IP so when you spoof a source you spoof an IP source.
If you talk about a man-in-the-middle attack then taking a closer look at both protocols will show that UDP doesn't establish any connection before starting the communication.
Using TCP you'll need to ACK incoming data using a pre-established sequence number which makes the attack on TCP harder but not impossible.


regards

Adam Pal



-------- Original Message --------
Date: 10 Jul 2007 02:11:12 -0000
From: paavan.shah@xxxxxxxxx
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: Why TCP is more secure than UDP?

> It is said that UDP is considered more vulnerable to spoofing than TCP?
>
>
> Can anyone point me to any document/link which describes TCP is more
> secure than UDP





--
Buz Dale buz.dale@xxxxxxx
IT Security Specialist 1-888-875-3697 (In GA)
1-706-583-2005
Office of Information and Instructional Technology
University System of Georgia
GMT -5:00
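
The two conditions the reply above depends on (a border router that accepts internal source addresses from outside, and UDP traffic between two auto-replying services) can each be checked at the border. The sketch below is an added example, not code from the thread; the interface names "wan" and "lan" and the packet-record layout are assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions for this sketch: the LAN prefix used in the thread, and
# hypothetical interface names "wan" (external) and "lan" (internal).
LAN = ipaddress.ip_network("192.168.1.0/24")
LOOP_PORTS = {7, 19}  # echo and chargen, the two services named in the thread


def check(pkt):
    """Return the reasons a border filter should drop this packet record."""
    reasons = []
    src = ipaddress.ip_address(pkt["src"])
    # Anti-spoofing: an internal source address can never legitimately
    # arrive on the external interface, whatever the transport protocol.
    if pkt["iface"] == "wan" and src in LAN:
        reasons.append("internal source on external interface")
    # Loop condition: UDP where both ends are services that reply to
    # anything they receive, so no handshake ever stops the exchange.
    if (pkt["proto"] == "udp" and pkt["sport"] in LOOP_PORTS
            and pkt["dport"] in LOOP_PORTS):
        reasons.append("udp between echo/chargen ports")
    return reasons


# Constructed sample records (not captured traffic).
SAMPLE = [
    {"iface": "wan", "proto": "udp", "src": "192.168.1.2",
     "dst": "192.168.1.1", "sport": 7, "dport": 7},
    {"iface": "wan", "proto": "tcp", "src": "192.168.1.2",
     "dst": "192.168.1.1", "sport": 40000, "dport": 7},
    {"iface": "wan", "proto": "udp", "src": "10.0.0.1",
     "dst": "192.168.1.1", "sport": 53000, "dport": 7},
    {"iface": "lan", "proto": "udp", "src": "192.168.1.2",
     "dst": "192.168.1.1", "sport": 19, "dport": 7},
]


def audit(records):
    """Pair each record's protocol and source with its drop reasons."""
    return [(r["proto"], r["src"], check(r)) for r in records]


if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
```

The first rule applies to the TCP record as well: the handshake keeps the spoofed TCP packet from turning into a loop, but the packet should still never have been accepted from outside.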


