Thursday, August 9, 2012

Testing Maximum UDP Sessions Limit using netcat

Since the User Datagram Protocol (UDP) is connectionless, testing a UDP session limit is slightly challenging. In this blog post we are going to see how to test UDP sessions using the netcat (nc) tool.

Assume we have configured our Firewall (FW) or Intrusion Prevention System (IPS) with a maximum of 4 UDP sessions. If we try to establish a new connection beyond those 4, it should not be allowed. As UDP has no connection establishment phase (no 3-way handshake), a connection is identified only at the time of data transfer, and that is when it gets dropped.

Run the nc command to listen on several UDP ports in the background.



Once the UDP server is up and running, we connect to the different ports on the server from the client machine.



Snapshot showing the active sessions (ESTABLISHED state) on the server.




Snapshot showing the sessions on the client side.



If we go for a 5th connection, it will successfully establish a session, but as soon as we try to transfer data on it the UDP Sessions Limit rule kicks in and the connection is blocked.


If we can successfully transfer data on the 5th session, it means the “UDP Maximum Connections” limit set on the FW/IPS is not working properly.

The blocked connection is reported back to the client with an ICMP "UDP port unreachable" error message. In the TCP case, the client instead gets a packet from the server with the RESET flag set.
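The same test, scripted, as an added example that is not part of the original post: it does not drive nc but reproduces the procedure in Python, entirely on loopback. Four small UDP echo listeners stand in for the background `nc -u -l` processes (the allowed sessions), and a fifth port that nothing is bound to stands in for the session the FW/IPS drops, so the client sees the same ICMP port unreachable the post describes. The client uses a connected UDP socket because that is how the kernel surfaces that ICMP error (as ECONNREFUSED) for the exact source/destination pair that sent the datagram; with an unconnected socket the error would be silently discarded and the probe would only time out. Port numbers are ephemeral, the limit of 4 and the probe payload are constructed for the example.

```python
import socket
import threading

HOST = "127.0.0.1"  # everything runs on loopback so the example is self-contained


def start_udp_listener(stop_event):
    """Stand-in for one background `nc -u -l -p <port>` on the server: bind a UDP
    socket on an ephemeral port and echo every datagram back to its sender.
    Returns (port, thread)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((HOST, 0))
    sock.settimeout(0.2)  # short timeout so the thread can notice stop_event
    port = sock.getsockname()[1]

    def serve():
        with sock:
            while not stop_event.is_set():
                try:
                    data, peer = sock.recvfrom(2048)
                except socket.timeout:
                    continue
                sock.sendto(data, peer)  # echo: proves data crossed this "session"

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, thread


def probe_udp_session(host, port, payload=b"probe", timeout=1.0):
    """Client side of one UDP session: send a datagram and classify what comes back.
    A *connected* UDP socket is used so that an ICMP port-unreachable for this
    source/destination pair is surfaced by the kernel as ECONNREFUSED on recv()."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))
        sock.send(payload)
        try:
            reply = sock.recv(2048)
        except ConnectionRefusedError:
            return "blocked (ICMP port unreachable)"
        except socket.timeout:
            return "blocked (no reply)"
        return "data transferred" if reply == payload else "unexpected reply"


def check_udp_session_limit(host, ports, limit):
    """Probe every port in order. The limit holds if no more than `limit`
    sessions actually carried data. Returns (per-port results, verdict)."""
    results = {port: probe_udp_session(host, port) for port in ports}
    carried = sum(1 for r in results.values() if r == "data transferred")
    return results, carried <= limit


def run_demo(limit=4):
    """`limit` listeners stand for the allowed sessions; one extra, unbound port
    stands in for the session the FW/IPS drops (constructed for this example)."""
    stop = threading.Event()
    listeners = [start_udp_listener(stop) for _ in range(limit)]
    ports = [p for p, _ in listeners]
    blocked = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    blocked.bind((HOST, 0))
    ports.append(blocked.getsockname()[1])
    blocked.close()  # nothing listens here any more, so the kernel answers with ICMP
    try:
        return check_udp_session_limit(HOST, ports, limit)
    finally:
        stop.set()
        for _, t in listeners:
            t.join()


if __name__ == "__main__":
    results, ok = run_demo()
    for port, outcome in results.items():
        print(f"udp/{port}: {outcome}")
    print("UDP session limit enforced" if ok else "UDP session limit NOT enforced")
```

Against a real FW/IPS you would run only the client half (`probe_udp_session` over the ports your nc listeners are bound to, from the client machine): every probe up to the limit should come back with the echo, and the first one past it should report the ICMP port unreachable rather than transferred data. Note that a "no reply" result is not on its own proof that the limit worked, since a listener that simply does not answer looks the same; the ICMP message is the signal the post relies on.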

The following posts might be of interest to you:
http://darshanams.blogspot.in/2012/08/web-server-security-php-hardening.html
http://darshanams.blogspot.in/2012/07/portservice-scanning-using-snmp.html
http://darshanams.blogspot.in/2012/06/sip-security1-scanning-voippbx-servers.html

Thank You!!!