Security Basics mailing list archives
Re: Why TCP is more secure than UDP?
From: levinson_k () securityadmin info
Date: 11 Jul 2007 17:48:41 -0000
Google will help: www.google.com/search?q=tcp+security+spoof

It's not really advisable to state that TCP is more secure than UDP. SSH and SSL run over TCP, and those are subject to a variety of trivial attacks such as man-in-the-middle session hijacking via ARP spoofing, primarily if the attacker controls a system on the same local subnet as the client or the server.

However, there are some security advantages to using TCP over UDP. For one thing, in the real world, it is less common that ongoing established TCP sessions and port scans would be spoofed. Some TCP attacks require the attacker to see the response packets in order to be of any benefit to the attacker. An attacker may not always be able to guarantee that she will see the reply packets (unless the attacker controls a system on the same subnet as the client or server, or somewhere on a dedicated path between the two). Some types of attacks can be mounted without the attacker seeing the reply, such as denial of service attacks or blind attacks where the attacker can guess the response. For other types of attacks like port scans or attacks at the application level (format attacks on listening TCP applications like RPC or HTTP), a security person who observes these attacks in an IDS or other security log can often reasonably assume that the source IP address is not likely to be spoofed.

These issues can make it problematic to use firewall or router ACLs to secure UDP applications. For example, a common recommendation for securing UDP applications like SNMP v2 and TFTP is to use router ACLs to filter which source IP addresses are allowed to send data to these applications. But UDP makes it easier to spoof the source IP in order to bypass this security control.

Also, with UDP not having any built-in mechanism to guarantee delivery or retransmit lost data, it may be easier for an attacker to delete, insert, modify or flood security-related logs like firewall and IDS logs that are sent via unprotected Syslog.

UDP applications can still in theory add some of these protections, such as guaranteed delivery, at a higher level of the OSI networking model, such as the application layer. Not sure how often this is done, however.

kind regards,
Karl Levinson
http://securityadmin.info
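The point about source-IP ACLs above, as an added illustration that is not part of Karl's post: a toy model (no real sockets) of a host behind a router ACL that admits only one trusted management station. A UDP listener such as SNMPv2 or TFTP has nothing but the ACL to go on, so a forged source address walks straight through; a TCP listener only accepts data after a three-way handshake, and the SYN-ACK carrying the server's random initial sequence number is sent to the *claimed* source, so a blind spoofer has to guess a 32-bit value while an on-path attacker (for example one doing ARP spoofing on the same subnet) simply reads it off the wire. The addresses, the `UdpService`/`TcpService` classes and the injectable ISN source are assumptions made for this example.

```python
"""Source-IP ACLs: bypassed outright over UDP, only blindly over TCP.

Added example, not code from the original post.  Addresses and the
service classes are constructed for illustration; no packets are sent.
"""
import random

TRUSTED_SRC = "10.0.0.5"        # address the ACL admits (constructed)
ATTACKER_SRC = "198.51.100.9"   # attacker's real address (constructed)


def acl_permits(src_ip: str) -> bool:
    """Router ACL: permit only the trusted management station.

    The ACL can only look at the source address written in the IP header,
    which any sender is free to forge.
    """
    return src_ip == TRUSTED_SRC


class UdpService:
    """UDP listener (SNMPv2, TFTP, syslog...): no handshake, no state."""

    def __init__(self):
        self.accepted = []

    def deliver(self, src_ip: str, payload: bytes) -> bool:
        if not acl_permits(src_ip):
            return False
        self.accepted.append((src_ip, payload))
        return True


class TcpService:
    """TCP listener: data is accepted only after a completed handshake.

    `isn_source` is a callable returning the server's 32-bit initial
    sequence number (injected so the example is deterministic in tests).
    """

    def __init__(self, isn_source):
        self.isn_source = isn_source
        self.pending = {}        # claimed src_ip -> server ISN
        self.established = set()
        self.accepted = []

    def syn(self, src_ip: str):
        """Return the SYN-ACK (the ISN) that is sent to the *claimed* source."""
        if not acl_permits(src_ip):
            return None
        isn = self.isn_source() & 0xFFFFFFFF
        self.pending[src_ip] = isn
        return isn

    def ack(self, src_ip: str, ack_num: int) -> bool:
        """Third handshake packet: must acknowledge ISN+1 to establish."""
        isn = self.pending.get(src_ip)
        if isn is None or ack_num != (isn + 1) & 0xFFFFFFFF:
            return False
        self.established.add(src_ip)
        return True

    def deliver(self, src_ip: str, payload: bytes) -> bool:
        if src_ip not in self.established:
            return False
        self.accepted.append((src_ip, payload))
        return True


def udp_spoof(service: UdpService) -> bool:
    """Attacker writes TRUSTED_SRC into the IP header: ACL is bypassed."""
    return service.deliver(TRUSTED_SRC, b"tftp RRQ /etc/shadow")


def tcp_blind_spoof(service: TcpService, guess: int) -> bool:
    """Attacker forges TRUSTED_SRC but never sees the SYN-ACK.

    It went to the real 10.0.0.5 (which, in a real network, would also
    answer with a RST because it sent no SYN).  The attacker's only option
    is to guess the ISN: one try in 2**32 for a well-randomised ISN.
    """
    service.syn(TRUSTED_SRC)                      # SYN-ACK goes elsewhere
    if not service.ack(TRUSTED_SRC, (guess + 1) & 0xFFFFFFFF):
        return False
    return service.deliver(TRUSTED_SRC, b"GET / HTTP/1.0\r\n\r\n")


def tcp_on_path_spoof(service: TcpService) -> bool:
    """Attacker on the trusted host's subnet (e.g. ARP spoofing) sees the ISN."""
    isn = service.syn(TRUSTED_SRC)                # observed on the wire
    service.ack(TRUSTED_SRC, (isn + 1) & 0xFFFFFFFF)
    return service.deliver(TRUSTED_SRC, b"GET / HTTP/1.0\r\n\r\n")


if __name__ == "__main__":
    rng = random.Random()
    print("UDP, forged source   :", udp_spoof(UdpService()))
    print("TCP, blind forged src:", tcp_blind_spoof(
        TcpService(lambda: rng.getrandbits(32)), random.getrandbits(32)))
    print("TCP, on-path attacker:", tcp_on_path_spoof(
        TcpService(lambda: rng.getrandbits(32))))
```

The model deliberately leaves out everything that makes blind TCP spoofing harder still in practice (the RST from the real host, window checks, TCP timestamps) and everything that once made it easier (predictable ISNs on old stacks); the comparison it shows is the structural one from the post: with UDP the ACL is the whole control, with TCP the handshake forces the attacker either to see the reply or to guess it.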
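The last two paragraphs of the post (unprotected UDP syslog, and adding protection at the application layer) as an added example that is not Karl's code: a sender wraps each syslog-style record in a sequence number and an HMAC-SHA256 tag, and the receiver verifies the tag, refuses replays and forgeries, and reports gaps where a record was lost, none of which plain UDP syslog can do. The shared key, the `<seq>|<record>|<tag>` framing and the sample log records are constructed for this example; a real deployment would use a standard such as syslog over TLS (RFC 5425) rather than this ad hoc framing.

```python
"""Integrity and sequencing for log records sent over UDP.

Added example, not from the original post.  The key, the framing and the
sample records below are constructed for illustration only.
"""
import hashlib
import hmac

KEY = b"example-shared-secret-change-me"   # constructed; share out of band


def frame(seq: int, record: str, key: bytes = KEY) -> bytes:
    """Build one datagram payload: b"<seq>|<record>|<hex HMAC-SHA256>"."""
    body = f"{seq}|{record}".encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest().encode()
    return body + b"|" + tag


class Receiver:
    """Accepts only authentic, fresh records; records gaps it cannot fill."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.next_seq = 0
        self.accepted = []      # (seq, record)
        self.rejected = []      # (reason, datagram)
        self.gaps = []          # (expected_seq, received_seq)

    def receive(self, datagram: bytes) -> bool:
        # Split off the sequence number from the left and the tag from the
        # right so a '|' inside the record itself does not break parsing.
        try:
            seq_b, rest = datagram.split(b"|", 1)
            record_b, tag_b = rest.rsplit(b"|", 1)
            seq = int(seq_b)
        except ValueError:
            self.rejected.append(("malformed", datagram))
            return False
        body = seq_b + b"|" + record_b
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest().encode()
        # Constant-time comparison; a forged or modified record fails here.
        if not hmac.compare_digest(tag_b, expected):
            self.rejected.append(("bad tag", datagram))
            return False
        if seq < self.next_seq:
            # Already seen (attacker replay or late duplicate).
            self.rejected.append(("replay", datagram))
            return False
        if seq > self.next_seq:
            # Something between next_seq and seq never arrived: UDP will
            # not retransmit it, but at least the loss is now visible.
            self.gaps.append((self.next_seq, seq))
        self.accepted.append((seq, record_b.decode()))
        self.next_seq = seq + 1
        return True


def simulate() -> Receiver:
    """Run constructed traffic, including loss and attacker activity."""
    records = [  # constructed sample records in BSD syslog style
        "<34>Jul 11 17:48:41 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=UDP DPT=161",
        "<34>Jul 11 17:48:42 fw1 kernel: DROP IN=eth0 SRC=198.51.100.9 DST=10.0.0.5 PROTO=UDP DPT=69",
        "<38>Jul 11 17:48:43 fw1 sshd[2211]: Failed password for root from 198.51.100.9 port 40122 ssh2",
        "<38>Jul 11 17:48:44 fw1 sshd[2211]: Accepted publickey for admin from 10.0.0.5 port 51022 ssh2",
    ]
    datagrams = [frame(i, r) for i, r in enumerate(records)]
    rx = Receiver()
    rx.receive(datagrams[0])
    # datagrams[1] is lost in transit and nothing retransmits it.
    rx.receive(datagrams[2])                    # accepted, gap (1, 2) noted
    rx.receive(datagrams[2])                    # attacker replays it
    forged = (b"2|<38>Jul 11 17:48:43 fw1 sshd[2211]: Accepted password "
              b"for root from 198.51.100.9 port 40122 ssh2|" + b"0" * 64)
    rx.receive(forged)                          # no key: tag is wrong
    tampered = datagrams[3].replace(b"admin", b"root")
    rx.receive(tampered)                        # modified in flight
    rx.receive(datagrams[3])                    # the genuine record
    return rx


if __name__ == "__main__":
    rx = simulate()
    print("accepted:", [s for s, _ in rx.accepted])
    print("gaps    :", rx.gaps)
    print("rejected:", [reason for reason, _ in rx.rejected])
```

The receiver still cannot recover the lost record or stop an attacker from flooding the port, and a replayed datagram that arrives before the genuine one would be accepted as genuine (the tag is valid); what the sequence number and tag buy is that insertion, modification and loss become detectable events in the receiver's own log rather than silent ones.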