RE: Why TCP is more secure than UDP?

["Uzair Hashmi" <uzair () kse com pk>]

As far as data integrity is concerned both TCP and UDP are not secure at
all, unless other mechanism is entertained (e.g. Encryption, etc). TCP
is connection oriented protocol, meaning that it has a 3 way handshake
(SYN ACK etc). States of the packets are maintained in the TCP suite
(e.g. ESTABLISHED) which helps in accepting new packet rather they are
according to the handshake and state; thus giving a basic level of
security that the new packet is related to the previous packet (in the
same session / connection). Read RFC793 for TCP.

Whereas in case of UDP, there is no such concept. Each and every packet
in UDP is an independent packet, applications plant packet sequencing
logic in the payload of each packet. Read RFC768 for UDP.

In short; the logic that comprehend (or implement) connection
orientation of TCP, gives a very very basic level of security. I hope
this explains the core basic difference.

Best Regards,
Uzair


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of paavan.shah () gmail com
Sent: Tuesday, July 10, 2007 7:11 AM
To: security-basics () securityfocus com
Subject: Why TCP is more secure than UDP?


It is said that UDP is considered more vulnerable to spoofing than TCP?


Can anyone point me to any document/link which describes TCP is more
secure than UDP