Introduction to web security UDP testing and defense

UDP Test principle

The tester sends a large number of... To the target server through the botnet UDP message , such UDP Messages are usually large packets , And the speed is very fast , It usually causes the following hazards . As a result, the server resources are exhausted , Unable to respond to a normal request , In severe cases, it will lead to link congestion .

The harm is 3 spot

1、 The general test effect is to consume network bandwidth resources , When it is serious, it will cause link congestion .

2、 A large number of variable source and variable port UDP Flood Will result in network devices relying on session forwarding , Performance degradation or even session exhaustion , This leads to network paralysis .

3、 If the test message is open to the server UDP Business port , The server needs to consume computing resources to check the correctness of the message , Affect normal business .

characteristic ：

UDP Message source in class test IP And source ports change frequently , But the message load generally remains unchanged or changes regularly .

Defensive skills

1、 According to the content of the message , You can extract “ The fingerprint ”, Then filter out these messages .

2、 Filter the non connected callback traffic , No release allowed .

Message analysis

Use wireshark Grab the bag , You can see , The test machine uses a random source address .