UDP
What is UDP?
A connectionless transport protocol (RFC 768) that delivers individual datagrams between ports with minimal overhead but no reliability or ordering guarantees.
The User Datagram Protocol, defined in RFC 768, is a thin layer above IP that adds only source/destination ports, length, and an optional checksum. There is no handshake, no retransmission, no flow control, and no congestion control — each datagram is independent. This makes UDP ideal for latency-sensitive or one-shot workloads such as DNS, NTP, SNMP, VoIP, video streaming, and the QUIC transport that underpins HTTP/3. The lack of state also makes UDP a frequent vehicle for amplification attacks: spoofed-source packets to DNS, NTP, or memcached servers cause large reflected responses. Defenses include rate limiting, BCP 38 ingress filtering, and protocol-level cookies.
● Examples
- 01: A DNS resolver sends a 60-byte query on UDP port 53 and receives a single-packet answer.
- 02: HTTP/3 carries web traffic over QUIC, which runs on UDP port 443 instead of TCP.
● Frequently asked questions
What is UDP?
A connectionless transport protocol (RFC 768) that delivers individual datagrams between ports with minimal overhead but no reliability or ordering guarantees. It belongs to the Network Security category of cybersecurity.
How do you defend against UDP abuse?
Defences against UDP-based attacks typically combine technical controls and operational practices. The full definition above lists rate limiting, BCP 38 ingress filtering, and protocol-level cookies.
What are other names for UDP?
Common alternative names include: User Datagram Protocol.
● Related terms
- TCP (network-security, № 1134): A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
- TCP/IP (network-security, № 1136): The four-layer Internet Protocol Suite that defines how packets are addressed, routed, fragmented, and reliably delivered between hosts across interconnected networks.
- IP Address (network-security, № 553): A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- DNS Amplification Attack (attacks, № 335): A reflection DDoS attack that abuses open DNS resolvers by sending small queries with the victim's spoofed IP, causing resolvers to send large DNS responses to the victim.
- IP Spoofing (attacks, № 555): Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
- ICMP (network-security, № 508): A network-layer control and diagnostics protocol (RFC 792 for IPv4, RFC 4443 for IPv6) used by hosts and routers to report errors and signal path conditions.
● See also
- № 311 DHCP
- № 344 DNS Tunneling
- № 499 HTTP/3 / QUIC