Security Basics mailing list archives

Re: Why TCP is more secure than UDP?

From: "Buz Dale" <buz.dale () usg edu>
Date: Wed, 11 Jul 2007 15:18:42 -0400

I'll try and illustrate a security difference.  Lets say I have a
service called "Echo" that runs on both udp port 7 and tcp port 7 on
two machines on my lan (192168.1.1 or "Larry" and 192.168.1.2 or
"Curly".) Suppose this service just echoes back any packet I send it.
Suppose my tricky friend "Moe" is across the internet at 10.0.0.1 (Oh
yeah - and let's also suppose these are not rfc 1918 addresses.) Moe's
router and ISP are configured kinda loosely and don't really care
about source addresses, just destination.

If Moe uses a UDP packet with source 192.168.1.2 and destination
192.168.1.1, his first packet could (if My router configs are  a
little loose) get that packet to Larry, the content of that packet
"SLAP" will get echoed to Curly  who will then SLAP Larry who will
then SLAP Curly ad inifinitum. Burning network and CPU until noticed.
(works well actually with port 19 and Chargen as one of the ports and
7 as the other.)

If Moe uses a tcp packet with source 192.168.168.1.2 and a destination
of 192.168.1.1.  His packet will get to Larry and Larry will try and
handshake with Curly who won't have any idea of what's going on and
stop the transaction.

It's easy for Moe to "spoof" either udp or tcp but the udp packet is
more fun for Moe.

Luck,
Buz


On 7/10/07, pal_adam () gmx net <pal_adam () gmx net> wrote:

Hi

I dont understand what you mean by spoofing, since wherever you use UDP or TCP the underlying layer still remains IP so 
when you spoof a source you spoof an IP source.
If you talk about a man-in-the-middle attack then taking a closer look at both protocols will show that UDP doesnt 
establish any connection before starting the communication.
Using TCP you`ll need to ACK incomming data using a pre-established sequence number which makes the attack on TCP 
harder but not impossible.


regards

Adam Pal



-------- Original-Nachricht --------
Datum: 10 Jul 2007 02:11:12 -0000
Von: paavan.shah () gmail com
An: security-basics () securityfocus com
Betreff: Why TCP is more secure than UDP?

> It is said that UDP is considered more vulnerable to spoofing than TCP?
>
>
> Can anyone point me to any document/link which describes TCP is more
> secure than UDP

--
Der GMX SmartSurfer hilft bis zu 70% Ihrer Onlinekosten zu sparen!
Ideal für Modem und ISDN: http://www.gmx.net/de/go/smartsurfer



--
Buz Dale                                buz.dale () usg edu
IT Security Specialist              1-888-875-3697 (In GA)
1-706-583-2005
Office of Information and Instructional Technology
University System of Georgia
GMT -5:00

Current thread:

Why TCP is more secure than UDP? paavan . shah (Jul 09)
- RE: Why TCP is more secure than UDP? Uzair Hashmi (Jul 10)
- Re: Why TCP is more secure than UDP? webmaster (Jul 10)
- Re: Why TCP is more secure than UDP? pal_adam (Jul 10)
  - RE: Why TCP is more secure than UDP? David Gillett (Jul 11)
    - RE: Why TCP is more secure than UDP? Wilfred Smith (Jul 13)
  - Re: Why TCP is more secure than UDP? Buz Dale (Jul 11)
    - Re[2]: Why TCP is more secure than UDP? Adam Pal (Jul 11)
- Re: Why TCP is more secure than UDP? Javier Reyna Padilla (Jul 10)
  - RE: Why TCP is more secure than UDP? Largacha Lamela, Daniel (Jul 11)
  - Shifting to Single Domain, things to worry about! WALI (Jul 11)
    - Re: Shifting to Single Domain, things to worry about! Samir Pawaskar (Jul 12)
- Re: Why TCP is more secure than UDP? Jacco (Jul 10)
- RE: Why TCP is more secure than UDP? Goran Pizent (Jul 11)
- Re: Why TCP is more secure than UDP? Alex Cernat (Jul 11)
- RE: Why TCP is more secure than UDP? Yahsodhan Deshpande (Jul 11)
- Re: Why TCP is more secure than UDP? Leszek Jakubowski (Jul 11)

(Thread continues...)