Security Basics: RE: Why TCP is more secure than UDP?

RE: Why TCP is more secure than UDP?

From: Wilfred Smith <wilfred_at_esprit-omnimedia.com>
Date: Wed, 11 Jul 2007 19:16:45 -0400

It's not. If the UDP packet is encrypted, and the packets are not necessarily interchangeable, it can be more secure than TCP. UDP is highly underrated for its security attributes. It's much quicker for a server to determine that a UDP packet doesn't belong and discard it. An AES stream over TCP is a stronger challenge to a degree, but slightly less breakable packets + a quicker moving, unpredictable target means you need to act fast to break in. The usual caveats about exchanging keys through a separate, non-public mechanism apply.

If you're sniffing encrypted UDP packets, don't know the internal protocol and don't have the key, not only do you see indecipherable junk, but you also don't know which piece of indecipherable junk comes next, and if you can't send a synchronizing attack and capture response before the proper respondent can, there's no hope.

But then, I strongly believe that obscurity can be a major contributor (partial, but major) to more secure data exchanges over a public network.

W

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com] On Behalf Of David Gillett
Sent: Wednesday, July 11, 2007 9:05 AM
To: pal_adam_at_gmx.net; security-basics_at_securityfocus.com
Cc: paavan.shah_at_gmail.com
Subject: RE: Why TCP is more secure than UDP?

  In order to spoof a UDP packet, *all* you need to do is spoof the source IP address.
  To successfully spoof a TCP packet, you need to also successfully spoof TCP header fields relating to the state of the connection, such as the sequence number. Rather difficult to do reliably unless you've also been sniffing the conversation.

  It would be possible to build a UDP-based application protocol that tracked state and sequence number, and so was "as secure as TCP". In the process, you would probably lose all of UDP's performance advantage, and your implementation would likely still be a little weaker than what is already built into TCP.

David Gillett

> -----Original Message-----
> From: listbounce_at_securityfocus.com
> [mailto:listbounce_at_securityfocus.com] On Behalf Of pal_adam_at_gmx.net
> Sent: Tuesday, July 10, 2007 1:37 AM
> To: security-basics_at_securityfocus.com
> Cc: paavan.shah_at_gmail.com
> Subject: Re: Why TCP is more secure than UDP?
>
> Hi
>
> I don't understand what you mean by spoofing, since wherever you use
> UDP or TCP the underlying layer still remains IP so when you spoof a
> source you spoof an IP source.
> If you talk about a man-in-the-middle attack then taking a closer look
> at both protocols will show that UDP doesn't establish any connection
> before starting the communication.
> Using TCP you'll need to ACK incoming data using a pre-established
> sequence number which makes the attack on TCP harder but not
> impossible.
>
>
> regards
>
> Adam Pal
>
>
>
> -------- Original Message --------
> Date: 10 Jul 2007 02:11:12 -0000
> From: paavan.shah_at_gmail.com
> To: security-basics_at_securityfocus.com
> Subject: Why TCP is more secure than UDP?
>
> > It is said that UDP is considered more vulnerable to spoofing than TCP?
> >
> >
> > Can anyone point me to any document/link which describes TCP is more
> > secure than UDP
>
Received on Jul 13 2007
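
The two ideas raised in the thread, a UDP application protocol that tracks sequence numbers and a key exchanged out of band, combined in one receiver-side check. This is an added example, not code from any of the posters; the names seal, Receiver, KEY and WINDOW, the datagram layout, and the choice of HMAC-SHA256 with a sliding replay window are assumptions made for illustration. It authenticates datagrams but does not encrypt them.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"  # constructed sample key, assumed shared out of band
TAG_LEN = 32                   # HMAC-SHA256 tag size in bytes
WINDOW = 64                    # accept sequence numbers at most this far behind

def seal(key, seq, payload):
    """Sender side: 8-byte sequence number | payload | HMAC-SHA256 tag."""
    header = struct.pack("!Q", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

class Receiver:
    """Per-peer state: highest sequence number accepted and a bitmap of recent ones."""

    def __init__(self, key):
        self.key = key
        self.highest = -1
        self.seen = 0  # bit i set means (highest - i) was already accepted

    def accept(self, datagram):
        """Return the payload if authentic and fresh, otherwise None (drop)."""
        if len(datagram) < 8 + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted; the source address plays no part
        seq = struct.unpack("!Q", body[:8])[0]
        if seq > self.highest:
            shift = seq - self.highest
            # Slide the window forward; a jump past the window clears it.
            self.seen = 1 if shift >= WINDOW else ((self.seen << shift) | 1)
            self.seen &= (1 << WINDOW) - 1
            self.highest = seq
        else:
            offset = self.highest - seq
            if offset >= WINDOW or (self.seen >> offset) & 1:
                return None  # too old, or a replay of an accepted datagram
            self.seen |= 1 << offset
        return body[8:]
```

Out-of-order delivery inside the window is accepted once, which preserves UDP's tolerance for reordering while rejecting replays and datagrams built without the key.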
