
Other UDP applications

To our knowledge, there are no other UDP applications sufficiently widespread to serve as a major potential pool of reflectors. If there were, however, and they did not reside on a well-known port (such as UDP port 19 for chargen [RP94]), then they could be used to attack UDP-based victim servers such as DNS servers by forging the victim's source address and well-known port. While the reflection generated by the application would be a junk request as far as the victim server was concerned, unless the request had a set of characteristics that permitted filtering it out, the victim would have to spend resources determining that the request was indeed invalid, and the attack would be effective.

Summary: while UDP applications could be a threat in principle, no immediate threat is apparent.
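The filtering distinction drawn above, as an added example that is not part of the original paper: a DNS server can reject a reflection from a well-known source port such as chargen's UDP 19 on the header alone, while a reflection from any other port is rejected only after the payload has been parsed. The port 40000, the sample datagrams and the simplified query check are assumptions made for illustration.

```python
import struct

DNS_PORT = 53
# Assumption: source ports of reflector services the operator blocks outright.
# Only chargen (UDP 19) is named in the text above.
REFLECTOR_SRC_PORTS = {19}

def udp(sport, dport, payload):
    """Build a UDP header + payload (checksum left 0) for the constructed samples."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def valid_dns_query(p):
    """Simplified payload check: a standard query with one well-formed question."""
    if len(p) < 12:
        return False
    _id, flags, qd, an, ns, _ar = struct.unpack("!HHHHHH", p[:12])
    if flags & 0x8000 or (flags >> 11) & 0xF or (qd, an, ns) != (1, 0, 0):
        return False              # a response, a non-QUERY opcode, or odd counts
    pos = 12
    while pos < len(p) and p[pos]:
        if p[pos] > 63:           # no compression pointers in a lone question
            return False
        pos += 1 + p[pos]
    return pos + 5 <= len(p)      # root label + QTYPE + QCLASS must be present

def classify(datagram):
    """Return (action, tier) for a UDP datagram arriving at a DNS server."""
    if len(datagram) < 8:
        return ("drop", "header")
    sport, dport, length, _ck = struct.unpack("!HHHH", datagram[:8])
    if dport != DNS_PORT or not 8 <= length <= len(datagram):
        return ("drop", "header")
    if sport in REFLECTOR_SRC_PORTS:
        return ("drop", "header")      # cheap: decided on the source port alone
    if not valid_dns_query(datagram[8:length]):
        return ("drop", "payload")     # costly: the request had to be parsed
    return ("accept", "payload")

# Constructed samples: chargen-style junk and a query for example.com (A, IN).
JUNK = bytes(range(33, 105)) + b"\r\n"
QUERY = (struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
         + b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1))

if __name__ == "__main__":
    for name, d in [("reflection from chargen port 19", udp(19, DNS_PORT, JUNK)),
                    ("reflection from port 40000", udp(40000, DNS_PORT, JUNK)),
                    ("ordinary client query", udp(40000, DNS_PORT, QUERY))]:
        print(name, "->", classify(d))
```

The second sample is the case the paragraph describes: it is still dropped, but only at the payload tier, which is the per-packet work the victim has to spend.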



Vern Paxson
2001-06-26