UDP Flooding attack is implemented based on UDP transport layer, but is different from the TCP protocol, the UDP protocol is connectionless-oriented, i.e., direct communication between the client and the server, without establishing a connection. A malicious attacker to use UDP protocol for characteristics connectionless transmission large number of malicious UDP packet target network bandwidth, resulting in network congestion, and based on the type of application layer protocol is UDP protocol is also very much, for the defense UDP Flooding attacks also relatively difficult.

 

The UDP Flooding safety testing environment is based on TCP SYN Flooding safety test environment, test tools or the use of tools to achieve hping3 denial of service attacks based on UDP protocol.

 

UDP Flooding conduct safety tests on kali linux host:

 

Hping3 tool:

-a option indicates that the specified forged source ip address

--udp option representation UDP Flooding attack

-s option indicates the source port

-p option indicates that the target service open service port

--flood option indicates that the specified flooding attack

-d option indicates that the specified packet size UDP Flooding flooding attack, the 1000 byte size specified above figure

 

Packet capture analysis on the target host through wireshark tool:

Wireshark gripping tool in the data packet, source and destination encapsulation ip address, source port number and destination port number, when we tested on kali linux host specified, but if the packet size is not our designated 1000 bytes, but 1042 bytes, this extra 42 bytes of data is how come it?

 

This is because during UDP Flooding attack sends forged hping3 tool based on the BOOTP protocol data packet is a UDP protocol, the extra 42 bytes are actually BOOTP protocol header encapsulation.

 

 

See wireshark tool package BOOTP protocol packet:

Malformed Packet indicate abnormal packets, that is to say wireshark has been detected BOOTP protocol packet is problematic.

 

 

In order to better analyze wireshark crawl to traffic, you can use the I / O flow chart function, select wireshark: Statistics ---> I / O chart:

Fill in name, we have to crawl to udp, and then displays the filter column input data packet filtering, then the application icon in the red line indicates BOOTP protocol packet traffic trend, I / O charts performance is more intuitive.