UDP is a standard protocol for communication across IP networks, but since UDP packets are stateless, they require less error checking and validation, in contrast to TCP. A UDP flood attack attempts to overload a server with requests by saturating the connection tables on every accessible port on a server.

Filling the connection table with these requests prevents valid requests from being served, and the server can become inaccessible to valid clients.

F5 BIG-IP Advanced Firewall Manager (AFM) and BIG-IP Local Traffic Manager (LTM) prevent this kind of attack by adopting the "default deny posture.” In this configuration, the system denies these kinds of connections by default, unless they are from a recognized source. The result is that the protected network never sees the UDP flood requests, so they never impact network performance.

 

Related Content