Wednesday, October 25, 2023
A small warning about UDP based protocols
The Gemini protocol has inspired others to implement “simple” protocols, like Mercury (alternate link), Spartan (alternate link) and Nex (alternate link). But there's another protocol being designed that has me worried—Guppy (alternate link), which is based on UDP instead of TCP.
Yes, UDP is simpler than TCP. Yes, you can get results with just one exchange of packets. But the downside of UDP is that you will be exploited for amplification attacks! I found this out the hard way a few years ago and shut down my UDP QOTD service. Any time you have a UDP-based protocol where a small packet to the server results in a large packet from the server, it will be exploited with a constant barrage of forged packets: the source address is spoofed to that of a victim, and the victim receives the large replies. That's one reason for the TCP three-way handshake—the server sends no data until the client has proven it can actually receive packets at the claimed address.
Also, the Guppy protocol spec states, “it's an experiment in designing a protocol simpler than Gopher and Spartan, which provides a similar feature set but with faster transfer speeds (for small documents) and using a much simpler software stack,” but there's a downside—you can easily over-saturate a link with data, which is another reason UDP is popular for amplification attacks. Congestion control is one reason why TCP exists (some say it's the only reason and that the other benefits, like a reliable, stream-oriented connection, are a side effect of the design).
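To make the point about forged packets and amplification concrete, here is an added example (my own sketch, not code from the blog post or from the Guppy project) of the standard defence a UDP request/response service can use: a stateless, HMAC-based cookie, as DTLS and QUIC do. A first request only earns a small "prove you can receive this" reply; the full document is sent only after the client echoes the cookie, and replies to unverified addresses are capped at three times the bytes received (QUIC's rule). The request format, the padding rule, the addresses, the secret and the served document are all constructed for illustration. The same byte budget also bounds how much a single forged packet can push onto a link, which speaks to the saturation concern above.

```python
"""Added example: a cookie handshake that stops a UDP document server from
being an amplifier. Everything here (wire format, addresses, secret) is a
constructed illustration, not any real protocol's specification."""
import hashlib
import hmac
import time

# Constructed document, roughly the size of a generous QOTD reply (~400 bytes).
DOCUMENT = b"# Hello from a hypothetical UDP document server\n" + b"x" * 350 + b"\n"


def amplification_factor(request_len: int, response_len: int) -> float:
    """Bandwidth amplification factor: bytes sent back per byte received."""
    if request_len <= 0:
        raise ValueError("request length must be positive")
    return response_len / request_len


class CookieServer:
    MIN_REQUEST = 64        # clients must pad requests; tiny datagrams are dropped unanswered
    UNVERIFIED_BUDGET = 3   # never send more than 3x the bytes received to an unverified address
    BUCKET_SECONDS = 60     # cookies are valid for the current and previous time bucket

    def __init__(self, secret: bytes, document: bytes = DOCUMENT):
        self.secret = secret
        self.document = document

    def _cookie(self, addr, bucket: int) -> bytes:
        # Stateless: the cookie is derived from the peer address and a time bucket,
        # so the server keeps no per-client state and cannot be exhausted by spoofed requests.
        msg = f"{addr[0]}:{addr[1]}:{bucket}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()[:32].encode()

    def _cookie_valid(self, addr, cookie: bytes, now: float) -> bool:
        bucket = int(now // self.BUCKET_SECONDS)
        return any(hmac.compare_digest(cookie, self._cookie(addr, b))
                   for b in (bucket, bucket - 1))

    def handle(self, addr, datagram: bytes, now=None) -> bytes:
        """Return the datagram to send back to addr (b"" means drop silently)."""
        now = time.time() if now is None else now
        if len(datagram) < self.MIN_REQUEST:
            return b""  # refusing tiny requests keeps the worst-case ratio small
        fields = datagram.rstrip(b"\0\n").split(b" ")
        if fields[0] == b"GET" and len(fields) == 2:
            bucket = int(now // self.BUCKET_SECONDS)
            reply = b"VERIFY " + self._cookie(addr, bucket)
            # A spoofed request only ever earns this small reply, so the victim
            # receives fewer bytes than the attacker had to send.
            assert len(reply) <= self.UNVERIFIED_BUDGET * len(datagram)
            return reply
        if fields[0] == b"COOKIE" and len(fields) == 3:
            if self._cookie_valid(addr, fields[1], now):
                return self.document  # address proved reachable: send the large reply
            return b""
        return b""


def pad(msg: bytes, n: int = CookieServer.MIN_REQUEST) -> bytes:
    """Client-side padding so the first packet is never smaller than the reply."""
    return msg + b"\0" * max(0, n - len(msg))


def honest_exchange(server: CookieServer, addr, path: bytes = b"/", now: float = 0.0) -> bytes:
    """A real client: request, receive the cookie, echo it, receive the document."""
    reply = server.handle(addr, pad(b"GET " + path + b"\n"), now)
    cookie = reply[len(b"VERIFY "):]
    return server.handle(addr, pad(b"COOKIE " + cookie + b" " + path + b"\n"), now)


def worst_case_factor(server: CookieServer) -> float:
    """Largest ratio an unverified (possibly spoofed) address can ever obtain."""
    reply = server.handle(("192.0.2.1", 1), pad(b"GET /\n"), now=0.0)
    return amplification_factor(CookieServer.MIN_REQUEST, len(reply))


if __name__ == "__main__":
    srv = CookieServer(b"constructed-secret")
    print("QOTD-style 1-byte request, 400-byte reply:", amplification_factor(1, 400))
    print("worst case with cookie handshake:", worst_case_factor(srv))
    print("honest client got", len(honest_exchange(srv, ("192.0.2.10", 40000))), "bytes")
```

A forged first packet still reaches the server, but the only thing sent to the spoofed victim is the short `VERIFY` reply, which is smaller than the request that triggered it; the attacker never sees the cookie, so the second, expensive step cannot be forced onto anyone else.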
My intent here isn't to discourage experimentation. I like the fact that people are experimenting with this stuff. But I do want to pass along some painful experiences I had when playing around with UDP on the open Internet.
Discussions about this entry
- A small warning about UDP based protocols | Hacker News
- A small warning about UDP based protocols - ZeroBytes
- A small warning about UDP based protocols - derp.foo
- The Guppy Protocol Specification v0.3.2
- A small warning about UDP based protocols - Smeargle Fans
- Lazy Reading for 2023/11/12 – DragonFly BSD Digest