In accordance with the recent question "Why is TCP more secure than UDP?", how would an "attack" look when it comes to the practical aspect? A great example would be the use of TCP or UDP for Microsoft Remote Desktop (RDP) sessions using the mstsc command in Windows.

It's known to usually have way better user experience and speed when using UDP instead of TCP. As Steve Sether answered, the point especially is to have an established connection first. Also, he stated it depends on the application's implementation, which seems a bit like a black box to me.

If TCP is more "secure", how would a practical UDP "attack" look, for example during the initiation of an MS RDP connection? In other words, would it technically be possible to spoof anything during initiation of such a session over UDP that would not be possible using TCP?

Bob Ortiz
  • It's not more secure, it's a lower level than applications which could be secure. Saying TCP is more secure than UDP is like saying fibre is more secure than copper. – daniel Jul 21 '17 at 09:19
  • @daniel Well, it's easier to hang your devices to a copper cable than a fibre cable. But, touché. – Bob Ortiz Jul 21 '17 at 09:21
  • If you are talking about tensile strength, I have once seen a hammock made from cat-5. – daniel Jul 21 '17 at 09:24
  • Hahaha! Like this? http://i.vimeocdn.com/video/554577514_1280x720.jpg – Bob Ortiz Jul 21 '17 at 09:39
  • What you attack here is the MS RDP protocol, not UDP itself. As long as MS RDP doesn't put undue trust in UDP (in particular doesn't put any trust in the source IP, doesn't trust that an incoming packet claiming it is part of a session really is, and prevents any replay), it should be fine. The point here is that some of this could be prevented at the transport layer, but by using UDP the software takes on the burden of handling this at the application layer; if done correctly, this will not change anything security-wise. – WhiteWinterWolf Jul 21 '17 at 11:35
  • @WhiteWinterWolf that makes a lot of sense to me. Isn't the purpose indeed to separate the layers and not trust the application only for that purpose? Won't it be better for exactly that reason to use TCP in order to fall back on the check of the underlying layer (TCP) and not depending on the RDP protocol on top of it? – Bob Ortiz Jul 21 '17 at 11:38
  • I don't know if you have read [my answer](https://security.stackexchange.com/a/165730/32746) to the same question you are linking (late answer, so buried toward the end), but this is a trade-off to choose between a potential performance gain and a certainly added complexity to the software. Most protocols are not really time sensitive, so TCP is the best choice for them. For those few protocols where time matters, UDP can have its benefits by avoiding some overhead, but as you notice it kinda provides a more raw access to a lower layer and therefore requires more care. – WhiteWinterWolf Jul 21 '17 at 11:46

1 Answer

UDP is deemed "less secure" due to the fact that it is stateless. When you send a UDP packet, you have no guarantee it will arrive. You also have no guarantee the person sending you the packet is who they say they are. However, you are guaranteed that the packet will be routed to the receiver, or lost.

The MS-RDP protocol, from my knowledge, uses TCP, though there was an option to also use UDP alongside. Authorization itself is performed over TCP. Once access has been granted, UDP traffic will be allowed. Authorization also includes exchanging a key for symmetric encryption, ensuring data confidentiality.

If you want to know how a UDP attack looks, take a look at DNS Reflection Attacks. Because UDP is stateless, it's trivial to modify the source IP address. An attacker can send a small packet to a DNS server, causing the server to send back a response that's much larger than the request. However, since the request is forged, the server actually sends the packet to the target system. Do this repeatedly, and you've launched a denial of service attack.

zzarzzur
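
The checks named in the comments (no trust in the source IP, proof that a packet belongs to the session, replay prevention) can be sketched at the application layer. This is an added example, not code from the post and not how MS-RDP is actually implemented; the wire format, `seal`, `UdpSession`, the tag length and the window size are assumptions, and the key is assumed to have been agreed over the authenticated TCP channel.

```python
import hashlib
import hmac
import struct

TAG_LEN = 16                 # truncated HMAC-SHA256 tag (assumed size)
WINDOW = 64                  # replay window in datagrams (assumed size)
HDR = struct.Struct("!IQ")   # assumed header: 32-bit session id, 64-bit sequence


def seal(key: bytes, session_id: int, seq: int, payload: bytes) -> bytes:
    """Sender side: header || payload || HMAC over header and payload."""
    body = HDR.pack(session_id, seq) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


class UdpSession:
    """Receiver state for one session keyed during the TCP exchange."""

    def __init__(self, session_id: int, key: bytes):
        self.session_id, self.key = session_id, key
        self.highest = 0     # highest sequence number accepted so far
        self.seen = 0        # bitmap: bit i set => (highest - i) was accepted

    def accept(self, datagram: bytes):
        """Return the payload, or None if forged, replayed or too old.
        The source address is deliberately not an input: it proves nothing."""
        if len(datagram) < HDR.size + TAG_LEN:
            return None
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        session_id, seq = HDR.unpack_from(body)
        if session_id != self.session_id:
            return None
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):   # authenticate first
            return None
        if seq > self.highest:                       # newer: slide the window
            shift = min(seq - self.highest, WINDOW)
            self.seen = ((self.seen << shift) | 1) & ((1 << WINDOW) - 1)
            self.highest = seq
        else:                                        # older: reordered or replay
            offset = self.highest - seq
            if offset >= WINDOW or (self.seen >> offset) & 1:
                return None
            self.seen |= 1 << offset
        return body[HDR.size:]
```

A datagram with a spoofed source address fails the HMAC check unless the sender holds the session key, and a captured valid datagram is rejected the second time it arrives.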