Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1093
Views
4
Helpful
1
Replies

UDP Bomb

Jhun Banzuela
Level 1
Level 1

‎03-16-2014 07:58 PM - edited ‎03-10-2019 06:09 AM

Hi Expert,

We are always detecting too many UDP bomb event.

It is low severity though. Normally the victim IP is a mobile device.

Is there a way to know what is causing and how to prevent .

 

Regards,

Jhun

Labels:
0 Helpful
1 Reply 1

Ravi Singh
Level 7
Level 7

‎04-17-2014 04:23 PM

UDP flood attack can be initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the distant host will:

  • Check for the application listening at that port;
  • See that no application listens at that port;
  • Reply with an ICMP Destination Unreachable packet.

Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients.

To block it you can see the following link

http://kb.cyberoam.com/default.asp?id=1232

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card