Security Basics mailing list archives
RE: Why TCP is more secure than UDP?
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 11 Jul 2007 09:05:05 -0700
In order to spoof a UDP packet, *all* you need to do is spoof the source IP address. To successfully spoof a TCP packet, you need to also successfully spoof TCP header fields relating to the state of the connection, such as the sequence number. Rather difficult to do reliably unless you've also been sniffing the conversation. It would be possible to build a UDP-based application protocol that tracked state and sequence number, and so was "as secure as TCP". In the process, you would probably lose all of UDP's performance advantage, and your implementation would likely still be a little weaker than what is already built into TCP. David Gillett
-----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of pal_adam () gmx net Sent: Tuesday, July 10, 2007 1:37 AM To: security-basics () securityfocus com Cc: paavan.shah () gmail com Subject: Re: Why TCP is more secure than UDP? Hi I dont understand what you mean by spoofing, since wherever you use UDP or TCP the underlying layer still remains IP so when you spoof a source you spoof an IP source. If you talk about a man-in-the-middle attack then taking a closer look at both protocols will show that UDP doesnt establish any connection before starting the communication. Using TCP you`ll need to ACK incomming data using a pre-established sequence number which makes the attack on TCP harder but not impossible. regards Adam Pal -------- Original-Nachricht -------- Datum: 10 Jul 2007 02:11:12 -0000 Von: paavan.shah () gmail com An: security-basics () securityfocus com Betreff: Why TCP is more secure than UDP?It is said that UDP is considered more vulnerable tospoofing than TCP?Can anyone point me to any document/link which describesTCP is moresecure than UDP-- Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen! Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer
Current thread:
- Why TCP is more secure than UDP? paavan . shah (Jul 09)
- RE: Why TCP is more secure than UDP? Uzair Hashmi (Jul 10)
- Re: Why TCP is more secure than UDP? webmaster (Jul 10)
- Re: Why TCP is more secure than UDP? pal_adam (Jul 10)
- RE: Why TCP is more secure than UDP? David Gillett (Jul 11)
- RE: Why TCP is more secure than UDP? Wilfred Smith (Jul 13)
- Re: Why TCP is more secure than UDP? Buz Dale (Jul 11)
- Re[2]: Why TCP is more secure than UDP? Adam Pal (Jul 11)
- RE: Why TCP is more secure than UDP? David Gillett (Jul 11)
- Re: Why TCP is more secure than UDP? Javier Reyna Padilla (Jul 10)
- RE: Why TCP is more secure than UDP? Largacha Lamela, Daniel (Jul 11)
- Shifting to Single Domain, things to worry about! WALI (Jul 11)
- Re: Shifting to Single Domain, things to worry about! Samir Pawaskar (Jul 12)
- Re: Why TCP is more secure than UDP? Jacco (Jul 10)
- RE: Why TCP is more secure than UDP? Goran Pizent (Jul 11)
- Re: Why TCP is more secure than UDP? Alex Cernat (Jul 11)
(Thread continues...)