What is UDP traffic?

topic posted Tue, May 31, 2005 - 1:50 PM by  Paul
So after reading that disturbing post here about someone trying to get into their computer, I looked into my firewall settings, to find it off! Turned it on, and went into the advanced settings to turn on the "Stealth" mode (ie it doesn't even respond to peeping peoples) and there was another option, Block UDP traffic. What's that?

Also, I noticed, in a checklist of different areas to allow and not allow access, the Network Times box was already checked (to allow access) what's that for, and should I leave it as is? I, at the moment, just use my computer for the internet, no file sharing or remote access needed.
  • Unsu...
    Thanks for posting this. I just found my firewall OFF too, even though I made sure it was ON when I switched to Tiger and turned on all the advanced protection. Just now, UDP blocking was also disabled, which is different from how I had it set before.

    So the question is, who turned it OFF? This suggests to me there is a serious security problem if some hacker or trojan is able to disable our firewalls.
    • Hmmm, could it be (narrowing eyes and quickly scanning the room) one of YOU!?!? :-9 Or could it be some Tiger funkiness when you install it. Hmm, you said you made a point to turn it on, interesting. Anybody?
      • So I let my cursor drift over the Network Time line, and it said, "This is your firewall entry for Network Time. It is currently on and all UDP network traffic on port 123 is being let through." What does this mean, and should I allow it?
        • Unsu...
          Gah - what network time line? Is this a graphical display of network events somewhere?
          • Unsu...
            OK, I see it. I misparsed it as time-line, thinking you had some cool timeline display of what was happening on the Network. With cool icons and color coded lines and everything.
        • Unsu...

          Network Time

          With that disabled, I am still able to set my clock from the apple time server, so disabling it doesn't seem to be a big deal.
      • sorry paul, but your data wasn't interesting enough for me to hack.
        • Ahhh, c'monnn!
          • Unsu...
            I just found my firewall off as well - and I DIDN'T install Tiger.
            On the other hand, I wonder if I switched it off for Limewire usage at some point? Or if Limewire automatically switched it off without telling me?
            • Unsu...
              My firewall disabled itself once before, about a couple years ago, in Jaguar. When I installed Tiger, I did reinstall a few apps of course, including ones I've been using since the time before, which makes me wonder if one of them is a trojan. Or maybe it is some weirdness with the OS. But this time, I specifically remember checking the Firewall settings right after installing Tiger and I know with absolute certainty I have not changed them since then, until today when I turned it back on.
              • User Datagram Protocol. A communications protocol for the Internet network layer, transport layer, and session layer, which makes it possible to send a datagram message from one computer to an application running in another computer. Like TCP (Transmission Control Protocol), UDP is used with IP (the Internet Protocol). Unlike TCP, UDP is connectionless and does not guarantee reliable communication; the application itself must process any errors and check for reliable delivery.
                • or in english UDP sends bursts of data with no confirmation that they were received (one way communication). UDP connections almost always have an accompanying TCP control connection (as in streaming media) to initiate the transmission and/or terminate it when the information is complete.

                  One-way is advantageous for some internet traffic in that it's an uninterrupted stream of data (versus TCP which would start and stop) or if the service is apathetic to the reception of the data (such as the network time server).
                  • Um, ok. And the question remains, is this something I should allow?
                    • YES!

                      UDP was the primary means for dns to talk, until common hostnames got longer than 13 characters, where it switches to tcp when it queries.

                      It is also the primary means for multicast. Session-based multicasting has barely left academia, so if you know you use multicasting but don't know what udp is, leave udp alone.

                      DHCP uses udp.

                      Apple quick time seems to have registered udp 458 for some use, but I don't know if they use it right now.

                      Plenty of tunneling software for vpns uses udp.

                      In short, please don't blanketly turn off udp. You will be in a world of hurt.

                      • Ow my shoulder! No *wonder* it was aching! :-9 Ok then, so Bertrand, any UDPs that I should singly block? (vs overall blocking UDP in general)
                        • Well actually, looking at the Firewall settings, it says "Block UDP Traffic-Prevents UDP communications for accessing resources on your computer." This sounds different than outright blocking UDP altogether. Or am I talking out my ass?
                          • Unsu...
                            FWIW, I've got UDP blocking on and it's not affected me. Things still work. I'm on dialup though so I only do low-bandwidth stuff so maybe there's cool stuff that I'd be missing if I had a high speed connection.
                        • leave alone 67, 68, otherwise block everything 1024 and below.

                          Just don't block udp outright.

                          There is actually very little need to block udp traffic. If you get a denial of service attack, it's still going to fill your wire before it takes down your actual box. There are very very few common services running as root nowadays that use udp only.

                          Hope that was some help.

                          • XJ, I do too, same thing. I wonder how I would know if it was affecting me? Bertrand, there doesn't seem to be a choice to specify which is and isn't blocked, either all or none. Though again, the language above calls into question, for me, whether they mean blocking UDP altogether, or just preventing certain actions. Hmmm...
                            • Unsu...
                              I noticed today that Little Snitch asks for permission to do UDP things, so it seems that blocking UDP in the Firewall only blocks some things.
                              • Unsu...
                                By the way, now that my firewall is working I noticed in the log that it's blocking attack attempts thousands of times a day, sometimes dozens per second.

                                No wonder my dialup is slow!!
                                • Have you got it set on stealth mode? Apparently doing that, it doesn't even give a response to those attempting an attack. Very Judo :-)
                                  • Unsu...
                                    Yes, stealth mode is on. I assume the log entries are all people lashing out at the void. Undoubtedly it would be worse if it wasn't in stealth mode.

                                    The log also shows some entries that specifically say "Stealth Mode connection attempt to UDP". I am not sure what it is when someone makes a stealth mode connection attempt or how it differs from regular attack events.
                                    • There is such a thing as stealth scanning. You can pore over old phracks which Fyodor of nmap fame has discovered in the late 90s. A good understanding of tcp/ip would be required to read those articles. Stealth mode scanning includes any method to obtain information about a host without an actual established connection to it. It's not an attack per se. Some kids just randomly buzz entire subnets for later use.
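
Added example, not part of the original thread: a small Python tally of firewall log entries like the "Stealth Mode connection attempt to UDP" lines mentioned above, showing which ports are probed and which sources touch several ports. Only that quoted phrase comes from the thread; the rest of the line layout (timestamp, host, `ipfw:` tag, address format) and all sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines (assumed layout; only the phrase
# "Stealth Mode connection attempt to UDP" appears in the thread).
SAMPLE_LOG = """\
Jun  1 09:14:02 mac ipfw: Stealth Mode connection attempt to UDP 192.0.2.10:1026 from 198.51.100.7:4431
Jun  1 09:14:02 mac ipfw: Stealth Mode connection attempt to UDP 192.0.2.10:1027 from 198.51.100.7:4431
Jun  1 09:14:05 mac ipfw: Stealth Mode connection attempt to TCP 192.0.2.10:445 from 203.0.113.20:2211
Jun  1 09:15:40 mac ipfw: Stealth Mode connection attempt to UDP 192.0.2.10:137 from 203.0.113.20:137
Jun  1 09:15:41 mac ipfw: 12190 Deny TCP 203.0.113.20:2212 192.0.2.10:135 in via en0
Jun  1 09:16:00 mac ipfw: Stealth Mode connection attempt to UDP 192.0.2.10:1026 from 198.51.100.9:53
"""

LINE_RE = re.compile(
    r"Stealth Mode connection attempt to (?P<proto>UDP|TCP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from (?P<src>[\d.]+):(?P<sport>\d+)"
)

def parse(log_text):
    """Yield (proto, dst_port, src_ip) for each stealth-mode entry; skip other lines."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m["proto"], int(m["dport"]), m["src"]

def summarize(log_text):
    """Count dropped attempts per (proto, destination port) and per source address."""
    by_port, by_source = Counter(), Counter()
    for proto, dport, src in parse(log_text):
        by_port[(proto, dport)] += 1
        by_source[src] += 1
    return by_port, by_source

def multi_port_sources(log_text, min_ports=2):
    """Sources seen on several distinct ports: more like a sweep than a stray packet."""
    ports = {}
    for proto, dport, src in parse(log_text):
        ports.setdefault(src, set()).add((proto, dport))
    return sorted(s for s, p in ports.items() if len(p) >= min_ports)

if __name__ == "__main__":
    by_port, by_source = summarize(SAMPLE_LOG)
    for (proto, port), n in by_port.most_common():
        print(f"{proto}/{port}: {n}")
    print("multi-port sources:", multi_port_sources(SAMPLE_LOG))
```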


