TCP and UDP did you ever use them directly?

Tobias Nickel

Did you ever have a project where you used lower-level protocols directly?

Usually we use HTTP(S), a lib like gRPC or service SDKs such as for databases.

But did you ever build an app that uses TCP or UDP directly or define your own protocol on top of them?

Discussion (24)

Farhan Yahya

I've used UDP before. We were experimenting on how DoS works (for educational purposes).

So when using TCP for DoS attacks the sender of the attack also gets hit with a traffic of responses. So if you send 1m requests you also receive 1m responses. This becomes a resource fight, not an attack. That's why attacks are mostly performed with multiple computers (DDoS) so that the senders won't be hurt since it's collective.

But with UDP the requests are one-way. No response. Hence it might be efficient here, but the problem with it is you don't seem to know whether the packet was successfully delivered.

Above was an educational research with my friends. Thanks

Tobias Nickel Author

Yes, I am very interested actually in defending from attacks, and the best is to know and understand how attackers can work.

With UDP you mostly can only go for some network services, right? The webserver is TCP so just drop the messages.

I was wondering if I could not send a response to an attacker with my Node.js web server (not even the TCP termination). But it would also keep the connection open on my side as well. When closing in any way, the attacker gets an 'end' package.

ecyrbe

You do not do this at application level, so not with Node.js.
DDoS detection/protection can be implemented at kernel level with iptables: javapipe.com/blog/iptables-ddos-pr...

Slavius

UDP can get very nasty when it comes to DDoS. You can use a so-called amplification attack to DDoS servers/infrastructure. The fact that UDP is stateless means, compared to TCP, that no prior connection establishment is needed to force the remote end to process received UDP data packets. In a firewall you can define rules so that all TCP packets that did not follow an already established connection (called in TCP a 3-way handshake) can be dropped immediately.
Let's get back to the amplification. By finding a misconfigured DNS server that responds with large data (a DNS UDP packet can be up to 4096 bytes large), e.g. sending a full DNS zone response with lots of DNSSEC keys, you can craft a very small UDP DNS request that pretends to come from your victim's public IP address to the misconfigured DNS server, which will happily send the response to the victim due to the lack of state establishment in UDP. If you'd try this with TCP you'd have to first send a SYN packet, and then respond to the SYN/ACK (acknowledgement) from the remote end with another ACK packet to the server before being able to send/request real data packets. Since you faked the victim IP address, a server would send the SYN/ACK to the victim, resulting in the victim dropping the packet since it never initiated the connection in the first place, followed by the server closing the connection soon after due to the lack of response to the handshake. This is not the case for UDP though, so in one packet with a few bytes forming a request you can force a misconfigured server to send a large response to the victim without any validation - hence the name "amplification".
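
The contrast drawn above (a firewall can drop TCP packets that belong to no established connection, while UDP carries no such state) means the receiver has to keep its own record of what it asked for. An added example, not part of the original comment: a victim-side tracker that accepts a DNS reply only when it matches an outstanding query. The class and field names, the 5-second lifetime and all addresses and sizes are constructed for illustration.

```javascript
// Added example: accept a UDP DNS reply only if this host sent the matching query.
const QUERY_TTL_MS = 5000; // assumption: how long an outstanding query stays valid

class UdpReplyTracker {
  constructor() {
    this.pending = new Map(); // flow key -> expiry timestamp (ms)
    this.droppedBytes = 0;    // bytes of unsolicited replies refused so far
  }
  static key(localPort, remoteIp, remotePort, txId) {
    return `${localPort}|${remoteIp}|${remotePort}|${txId}`;
  }
  // Call for every DNS query this host sends.
  noteQuery(q, now) {
    const k = UdpReplyTracker.key(q.srcPort, q.dstIp, q.dstPort, q.txId);
    this.pending.set(k, now + QUERY_TTL_MS);
  }
  // Call for every inbound DNS reply; true means it answers a live query.
  acceptReply(r, now) {
    const k = UdpReplyTracker.key(r.dstPort, r.srcIp, r.srcPort, r.txId);
    const expiry = this.pending.get(k);
    this.pending.delete(k); // at most one reply per query
    if (expiry !== undefined && now <= expiry) return true;
    this.droppedBytes += r.bytes;
    return false;
  }
}

// Constructed traffic: one real query, then one solicited and three unsolicited replies.
function runSample() {
  const t = new UdpReplyTracker();
  t.noteQuery({ srcPort: 40001, dstIp: '192.0.2.53', dstPort: 53, txId: 0x1a2b }, 0);
  const inbound = [
    { srcIp: '192.0.2.53', srcPort: 53, dstPort: 40001, txId: 0x1a2b, bytes: 120 },    // solicited
    { srcIp: '198.51.100.7', srcPort: 53, dstPort: 40001, txId: 0x1a2b, bytes: 4096 }, // wrong server
    { srcIp: '192.0.2.53', srcPort: 53, dstPort: 40001, txId: 0x1a2b, bytes: 4096 },   // duplicate
    { srcIp: '203.0.113.9', srcPort: 53, dstPort: 53124, txId: 0x0001, bytes: 4096 },  // never asked
  ];
  const verdicts = inbound.map((r, i) => t.acceptReply(r, 100 + i));
  return { verdicts, droppedBytes: t.droppedBytes };
}
```

Dropping at the host keeps the application from processing reflected replies, but the packets have already used the link; volumetric floods still need filtering upstream.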

Farhan Yahya

Exactly, it works for some services.

ecyrbe

Yes, I developed proprietary protocols for:

  • USB drivers over network
  • SIP protocol implementation with proprietary extensions
  • Reverse engineered Windows RDP protocol and reimplemented it for a proprietary appliance
  • TCP-like protocol over UDP with better slow start algorithms (a lot like HTTP/3)

Others that are minor and that I forgot...

Tobias Nickel Author

This sounds like some cool stuff. Thanks for sharing.

Kiev Andres

cool! 😲

Anirban

I have used them for port forwarding, kind of. So every time I create a new application on our dev server, I have to open the port using TCP and UDP, and default port 80 is used by another application.

Tobias Nickel Author

At the time of Warcraft 3 I opened port forwarding on my router as well, to be able to open maps myself. Is that what you mean?

You say port 80; did you want to access a local web service from remote?

Anirban

So our main application is using the default port 8080 and is hosted in IIS so that we can use the URL from remote without passing the port. But if I have to deploy any other application with, let's say, port 5000, I have to use UDP and TCP to open the port so that I can access the service from remote.

Tobias Nickel Author

Personally I never used them directly in production, professionally or privately.

But I never get over doing some experiments, such as an HTTP server using the Node.js net (TCP) module, or implementing a primitive RPC library.

While it worked and was fun to develop, I would not want to use it seriously.

Slavius

I have developed a threaded TCP server for one project talking a proprietary binary protocol. We received an IoT device that could only speak TCP (updating the code to support MQTT was deemed too expensive as it was an 8-bit ATMEL chip-based solution with poor protocol support) and it didn't go very well. It turned out that sometimes the device decided randomly to insert the PSH (TCP PUSH) flag into bigger packets, which resulted in the TCP server trying to process data with the PSH flag immediately instead of waiting for the remaining split packet. This caused application errors because data was truncated and following packets were missing beginnings. After a week of debugging they could not find the problem, let alone fix it, so I had to implement higher-level virtual packet reassembly in my TCP server to mitigate the issue. Luckily this device was soon replaced by one that speaks certified MQTT...

jkonieczny

I was working on a project that includes a hardware device based on STM32. I had to use a bare TCP connection with an app written in Electron to make communication possible. It was a simple protocol based on simple frames with headers describing what is sent.
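
Both the packet reassembly Slavius describes above and a frame-with-header protocol like this one depend on the receiver rebuilding message boundaries from a TCP byte stream, because chunk and PSH boundaries say nothing about where a message ends. An added example, not code from either commenter: a Node.js reassembler for an assumed framing of a 4-byte big-endian length followed by the payload, with an assumed 64 KiB cap so a bogus length field cannot force unbounded buffering.

```javascript
// Added example: rebuild length-prefixed frames from arbitrary TCP chunks.
// The frame layout and the size cap are assumptions, not the device protocols above.
const HEADER_LEN = 4;
const MAX_FRAME = 64 * 1024;

class FrameReassembler {
  constructor(onFrame) {
    this.buf = Buffer.alloc(0);
    this.onFrame = onFrame;
  }
  // Feed every socket 'data' chunk here, whatever its size.
  push(chunk) {
    this.buf = Buffer.concat([this.buf, chunk]);
    while (this.buf.length >= HEADER_LEN) {
      const len = this.buf.readUInt32BE(0);
      if (len > MAX_FRAME) {
        this.buf = Buffer.alloc(0); // discard; the caller should close the connection
        throw new RangeError(`frame length ${len} exceeds ${MAX_FRAME}`);
      }
      if (this.buf.length < HEADER_LEN + len) break; // payload incomplete: wait
      this.onFrame(this.buf.subarray(HEADER_LEN, HEADER_LEN + len));
      this.buf = this.buf.subarray(HEADER_LEN + len);
    }
  }
}

function encodeFrame(payload) {
  const header = Buffer.alloc(HEADER_LEN);
  header.writeUInt32BE(payload.length, 0);
  return Buffer.concat([header, payload]);
}

// Constructed input: two frames arriving as three chunks that split
// the first header and the second frame's header.
function demo() {
  const wire = Buffer.concat([
    encodeFrame(Buffer.from('temp=21.5')),
    encodeFrame(Buffer.from('door=open')),
  ]);
  const frames = [];
  const r = new FrameReassembler((f) => frames.push(f.toString()));
  for (const [a, b] of [[0, 2], [2, 15], [15, wire.length]]) r.push(wire.subarray(a, b));
  return frames;
}
```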

DarkWiiPlayer

Nothing big, but several small tools that use UDP, like (abandoned) a Linux client for BattlEye RCon, a simple protocol for controlling LEDs (switched to MQTT instead) and probably more stuff that I can't remember.

kyorohiro (kiyohiro kawamura)

Yes. I have used UDP and TCP to build a P2P network protocol like Kademlia and UPnP and Bonjour for an embedded system and a special repeater.
Basically, it uses several methods to establish a connection.

Besides that, I used it for a server-side low-latency game library etc.

Frank Szendzielarz

Yes, UDP for Kademlia P2P implementations.

Kyle Mistele

I do a lot of work in cybersecurity, so I have on a couple of occasions. I built a recursive ‘whois’ resolver in golang since all the libraries I could find wrapped the Linux whois binary. I wrote that on top of TCP, since it’s a pretty simple protocol. I also wrote an SMB network scanner on top of TCP to concurrently scan an Active Directory domain for vulnerabilities and misconfigurations.

Saurabh Sharma

Never 😬

Tobias Nickel Author

Yes, that is what I expected.

Can all others like @itsjzt comment if you never used UDP and TCP?

Rico Brase

Yes. For our trainee, I developed a reference chat application (client + server) with its own client <-> server communication protocol directly over TCP.

Ryan Latta

It's been quite a long time, but I've used both from when I was working with some MMO games and the like.

Julieta Campos Guzmán

Not since network lab in college.

InsanusMokrassar

I've used it in one of my mobile applications :) It was an experience related to live streaming of an Android screen from a PC to an Android device to emulate powerful hardware on weak smartphones/tablets :)