RE: Why TCP is more secure than UDP?

["Largacha Lamela, Daniel" <dlargac () mapfre com>]

Of course none of them can be labelled as secure protocols (TCP nor UDP). But in a context which should be some 
dialogue in or packet exchange between two nodes, TCP can be considered more secure. This assert is made upon de 
premise that it is easier spoofing the source IP Addr if there is not packet exchange, because if not, the attacker 
need a MIM attack which must impact the victim and also any other intermediate nodes (like ISP routers in an Internet 
based scenario). This change the context of an attack from one targeted to a multi-targeted attack shifting difficulty.

Regards 

Daniel Largacha Lamela
Departamento de Gerencia de Riesgos y Operaciones.
Dirección de Seguridad y Medio Ambiente MAPFRE
Tel. 91 5816260 Fax. 91 5819525
e-mail:dlargac () mapfre com


-----Mensaje original-----
De: listbounce () securityfocus com [mailto:listbounce () securityfocus com] En nombre de Javier Reyna Padilla
Enviado el: martes, 10 de julio de 2007 16:49
Para: paavan.shah () gmail com
CC: security-basics () securityfocus com
Asunto: Re: Why TCP is more secure than UDP?

You can read the RFC for this, but I think that the point is not
security,. TCP is conection based and UDP is conectionless


When you initiate a TCP transfer after every packet that is sent ans
acknowledge one is needed from the receiver, with UDP this is nos
necessary, that is the difference between this protocols.


paavan.shah () gmail com wrote:
> It is said that UDP is considered more vulnerable to spoofing than TCP?
>
> Can anyone point me to any document/link which describes TCP is more secure than UDP
>
>