Archiv: User Datagram Protocol (UDP)

30.06.2022 - 09:45 [ ]

Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain

(Aug 4, 2021)

We have no way of knowing whether the loophole has already been exploited: Anyone could have collected data undetected for over a decade.

We do know this is still an active threat vector – while two major DNS providers (Amazon and Google) have fixed the issue, others may still be vulnerable. As a result, millions of devices are potentially vulnerable.


After analyzing it, we learned it was dynamic DNS traffic from Windows machines that were querying the hijacked name server about itself. Dynamic DNS keeps DNS records automatically up to date when an IP address changes. It’s traditionally been used in large networks that host internal services, and use their own internal servers. In short, the traffic we received contained sensitive information that was never supposed to leave an organizations internal network.

The dynamic DNS traffic we “wiretapped” came from over 15,000 organizations, including Fortune 500 companies, 45 U.S. government agencies, and 85 international government agencies. The data included a wealth of valuable intel like internal and external IP addresses, computer names, employee names and office locations.

06.05.2022 - 14:59 [ ]

New DNS Flaw Enables ‘Nation-State Level Spying’ on Companies

(7. August 2021)

DNSaaS providers (also referred to as managed DNS providers) rent DNS to other businesses who don’t want to maintain and protect yet additional network resources on their own.


The Wiz researchers stated, “We found a simple loophole that allowed us to intercept a portion of worldwide dynamic DNS traffic going through managed DNS providers like Amazon and Google,”
“The dynamic DNS traffic we ‘wiretapped’ came from over 15,000 organizations, including Fortune 500 companies, 45 U.S. government agencies, and 85 international government agencies.”
Employee/computer identities and locations and extremely sensitive data about organizations’ infrastructure, such as Internet-exposed network equipment, were among the

06.05.2022 - 08:59 [ ]

The Unfriendly Internet – Turning Off Cleartext Lookups in September

So, all DNS server operators have to deal with spoofed UDP traffic, doubly so for open recursive server operators. It requires a lot of fiddling with limits in the software used to detect attacks to adapt the constantly changing attack landscape. Sometimes the attacks look so much like regular traffic that it is tricky to tell attackers apart from real users, which is why many of you have had the unfortunate experience of being blocked as a false positive.

Without getting too technical: UDP traffic can be spoofed. This is primarily true because of lazy or incompetent ISPs not enforcing proper filters on their outgoing traffic.

29.04.2022 - 20:52 [ ]

DNSCrypt version 2 protocol specification

The DNSCrypt protocol can use the UDP and TCP transport protocols.
DNSCrypt Clients and resolvers should support the protocol over UDP and must support it over TCP.

The default port for this protocol should be 443, both for TCP and UDP.

29.04.2022 - 20:50 [ ]

Problems that UDP and only UDP has

(August 2018)

To Simplify, TCP is just a collection of algorithms that extend UDP to make it support in-order delivery of streams. UDP on the other hand does not care about such streams and instead sends blocks of messages (called datagrams) in whatever-order and provides no guarantee what-so-ever that you will ever receive them.

29.04.2022 - 20:37 [ ]

TCP vs. UDP – die beiden Protokolle im Vergleich

UDP steht für User Datagram Protocol. Es ist ein verbindungsloses Transportprotokoll. Das UDP hat zwar ähnliche Aufgaben zu erfüllen wie das TCP, dabei arbeitet es aber – im Gegensatz zum TCP – verbindungslos und unsicher. Das heißt, als Absender weiß man hier nie, ob das versendete Datenpaket angekommen ist, da keine Empfangsbestätigungen gesendet werden. UDP wird hauptsächlich bei DNS-Anfragen, VPN-Verbindungen und Audio- und Videostreaming verwendet, da es durch seine vereinfachte Arbeitsweise schneller ist.

24.03.2021 - 15:12 [ ]

6 ways HTTP/3 benefits security (and 7 serious concerns)

(29 Jun 2020)

HTTP3, the third official version of hypertext transfer protocol (HTTP), will not use the transmission control protocol (TCP) as did its predecessors. Instead, it uses the quick UDP internet connections (QUIC) protocol developed by Google in 2012.