Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

UDP Bomb

Hi Expert,

We are always detecting too many UDP bomb event.

It is low severity though. Normally the victim IP is a mobile device.

Is there a way to know what is causing and how to prevent .

 

Regards,

Jhun

1 REPLY
Cisco Employee

UDP flood attack can be

UDP flood attack can be initiated by sending a large number of UDP packets to random ports on a remote host. As a result, the distant host will:

  • Check for the application listening at that port;
  • See that no application listens at that port;
  • Reply with an ICMP Destination Unreachable packet.

Thus, for a large number of UDP packets, the victimized system will be forced into sending many ICMP packets, eventually leading it to be unreachable by other clients.

To block it you can see the following link

http://kb.cyberoam.com/default.asp?id=1232

98
Views
4
Helpful
1
Replies
CreatePlease to create content