User Datagram Protocol (UDP) is a connectionless protocol: a sender does not set up or maintain a session with the receiving side before transmitting. UDP offers no delivery guarantee, so the receiver might not get everything you send. Connection-oriented protocols such as TCP provide recovery: the receiver acknowledges what arrives, and the sender retransmits anything that is not acknowledged. UDP is often the best choice for high-demand systems that need traffic delivered quickly rather than reliably. Voice over Internet Protocol (VoIP) is one of those systems, because a late voice packet is useless and waiting for a retransmission would only make the call cut in and out. The drawback is that UDP ports are easy targets: with no handshake, anyone can send datagrams (including with forged source addresses), and enough of them can overwhelm a device. For this reason, you may want to block all UDP traffic, at least temporarily.
Log in to the device that is being attacked. When a router or switch is inundated by traffic, logging in is difficult because the resources the box uses to authenticate you are the same ones it uses to process traffic. At the prompt, type your user name and password. You may have to repeat them several times before the device lets you in, because of all the traffic it is trying to deal with. If the device has a console port, use it: a serial console does not depend on the flooded network interface.
From global configuration mode (type "configure terminal" at the privileged prompt), enter the following access list line by line to deny all UDP traffic arriving at the box:
"access-list 105 deny udp any any"
"access-list 105 permit ip any any"
The access list can be any number between 100 and 199 (or 2000 to 2699 in the expanded range). This is an extended access list, and it will provide temporary relief from the traffic long enough to work out a long-term plan. The "permit ip any any" line at the end is essential: every IOS access list ends with an implicit deny of everything not explicitly permitted, so without it the list would drop all traffic, not just UDP. Extended entries must name a protocol ("ip", "udp", "tcp"); a bare "permit any any" is rejected by the parser. Entries are evaluated top to bottom and the first match wins, so the deny must come before the permit.
Apply the access list inbound on the interface the attack traffic is arriving on.
Enter interface configuration mode for that interface (for example "interface GigabitEthernet0/0"), then type the following to attach the list:
"ip access-group 105 in"
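The complete sequence, assembled here as an added example rather than text from the original article, and generalized slightly beyond it: instead of dropping every datagram, it keeps DNS replies from a known resolver and NTP working, drops all other UDP, applies the list inbound, saves, and verifies the hit counters. The interface name GigabitEthernet0/0 and the resolver and NTP server addresses 192.0.2.53 and 192.0.2.123 are assumptions; replace them with your own.

```cisco
! Added example (not from the original article). Assumes interface
! GigabitEthernet0/0 faces the attacker, resolver 192.0.2.53, NTP server 192.0.2.123.
enable
configure terminal
! Numbered extended ACL: entries are matched top-down, first match wins,
! and an implicit "deny ip any any" sits after the last line.
access-list 105 remark Emergency UDP filter during flood - remove when attack ends
! Replies from the resolver and NTP server we actually use. Matching on the
! server's address as well as its source port stops an attacker from sneaking
! flood packets through by forging source port 53 or 123.
access-list 105 permit udp host 192.0.2.53 eq 53 any
access-list 105 permit udp host 192.0.2.123 eq 123 any
! Everything else carried over UDP is dropped.
access-list 105 deny udp any any
! Without this line the implicit deny would drop all remaining traffic, too.
access-list 105 permit ip any any
! Apply the list inbound on the interface the flood arrives on.
interface GigabitEthernet0/0
 ip access-group 105 in
end
! Save so the change survives a reload, then verify the list is matching.
write memory
show access-lists 105
show ip interface GigabitEthernet0/0 | include access list
```

The "deny udp any any" entry deliberately carries no "log" keyword: logging every matched packet during a flood adds CPU load to the very device you are trying to rescue, and the per-entry match counters printed by "show access-lists 105" tell you enough. Once the attack ends, detach the list with "no ip access-group 105 in" under the interface, or delete it entirely with "no access-list 105".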
The bad traffic should slow and you will regain control of your device. Be aware that an inbound interface access list filters everything entering that interface, not only packets addressed to the router itself, so it also drops UDP that merely transits the device: DNS, NTP, DHCP, SNMP, syslog, TFTP and the VoIP traffic mentioned above all ride on UDP. This fix could be a long-term solution only if no UDP traffic crosses your network, which is rare. Otherwise, refine the list to permit the UDP you need ahead of the deny, and remove it once the attack subsides.
Tips & Warnings
- Always save your changes ("write memory" or "copy running-config startup-config"), and check the hit counters with "show access-lists 105" to confirm the list is matching the flood.
- Every IOS access list, standard or extended, ends with an implicit "deny any": whatever you do not explicitly permit is dropped.