* * * * *
A small warning about UDP based protocols
The Gemini protocol [1] has inspired others to implement “simple” protocols,
like Mercury [2] (alternate link [3]), Spartan [4] (alternate link [5]) and
Nex [6] (alternate link [7]). But there's another protocol being designed
that has me worried—Guppy [8] (alternate link [9]), which is based on UDP
(User Datagram Protocol) instead of TCP (Transmission Control Protocol).
Yes, UDP is simpler than TCP. Yes, you can get results with just one exchange
of packets. But the downside of UDP is that you will be exploited for
amplification attacks! I found this out the hard way [10] a few years ago and
shut down my UDP QOTD (Quote Of The Day) service. Any time you have a
UDP-based protocol where a small packet to the server results in a large
packet from the server, it will be exploited with a constant barrage of
forged packets.
That's one reason for the TCP three-way handshake.
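The handshake point above, as an added example (not code from this post or from any of the protocols it mentions): a UDP responder that sends nothing larger than the request until the client echoes back a cookie proving it can receive at its claimed address. The wire format ("RETRY "/"OK " prefixes, 16-byte cookie), the 30-second window and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

COOKIE_LEN = 16   # bytes of HMAC kept as the cookie (assumed size)
WINDOW = 30       # seconds per cookie window (assumed value)


def make_cookie(secret, addr, window):
    """Cookie bound to the sender's IP, port and a time window."""
    msg = f"{addr[0]}|{addr[1]}|{window}".encode()
    return hmac.new(secret, msg, hashlib.sha256).digest()[:COOKIE_LEN]


def handle_datagram(secret, addr, payload, now, documents):
    """Return the bytes to send back to addr, or None to stay silent.

    Hypothetical wire format: a verified request is cookie + selector;
    an unverified one is just a selector, padded by the client.
    """
    window = int(now) // WINDOW
    cookie, selector = payload[:COOKIE_LEN], payload[COOKIE_LEN:]
    verified = len(cookie) == COOKIE_LEN and any(
        hmac.compare_digest(cookie, make_cookie(secret, addr, w))
        for w in (window, window - 1)   # accept current and previous window
    )
    if verified:
        # The sender proved it receives packets at addr, so a large
        # reply goes to a real client and not to a forged victim.
        return b"OK " + documents.get(selector, b"not found")
    challenge = b"RETRY " + make_cookie(secret, addr, window)
    if len(payload) < len(challenge):
        return None   # replying would send more bytes than we received
    return challenge  # never larger than the request: no amplification


if __name__ == "__main__":
    # Constructed sample data (documentation addresses, made-up key).
    key, docs = b"k" * 32, {b"/quote": b"q" * 4000}
    client = ("192.0.2.10", 4000)
    first = handle_datagram(key, client, b"/quote".ljust(32), 1000, docs)
    second = handle_datagram(key, client, first[6:] + b"/quote", 1001, docs)
    print(len(first), len(second))
```

The cost is the extra round trip that a single-exchange UDP design was trying to avoid, which is the same trade TCP makes with its handshake.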
Also, the Guppy protocol spec states, “it's an experiment in designing a
protocol simpler than Gopher and Spartan, which provides a similar feature
set but with faster transfer speeds (for small documents) and using a much
simpler software stack,” but there's a downside—you can easily over-saturate
a link with data, which is another reason UDP is popular for amplification
attacks. Congestion control is one reason why TCP exists (some say it's the
only reason and the other benefits, like a reliable, stream-oriented
connection, are side effects of the design).
My intent here isn't to discourage experimentation. I like the fact that
people are experimenting with this stuff. But I do want to pass along some
painful experiences I had when playing around with UDP on the open Internet.
[1] https://geminiprotocol.net/
[2] gemini://zaibatsu.circumlunar.space/~solderpunk/gemlog/the-mercury-protocol.gmi
[3] http://portal.mozz.us/gemini/zaibatsu.circumlunar.space/~solderpunk/gemlog/the-mercury-protocol.gmi
[4] spartan://spartan.mozz.us/
[5] https://portal.mozz.us/spartan/spartan.mozz.us/
[6] nex://nex.nightfall.city/nex/info/specification.txt
[7] http://portal.mozz.us/nex/nex.nightfall.city/nex/info/specification.txt
[8] gemini://gemini.dimakrasner.com/guppy-v0.3.1.gmi
[9] https://portal.mozz.us/gemini/gemini.dimakrasner.com/guppy-v0.3.1.gmi
[10] gopher://gopher.conman.org/0Phlog:2019/05/13.1
---
Discussions about this page
A small warning about UDP based protocols | Hacker News
https://news.ycombinator.com/item?id=38046448
A small warning about UDP based protocols - ZeroBytes
https://zerobytes.monster/post/3061952
A small warning about UDP based protocols - derp.foo
https://derp.foo/post/351088
The Guppy Protocol Specification v0.3.2
gemini://gemini.dimakrasner.com/guppy-v0.3.2.gmi
A small warning about UDP based protocols - Smeargle Fans
https://lemmy.smeargle.fans/post/66674
Lazy Reading for 2023/11/12 – DragonFly BSD Digest
https://www.dragonflydigest.com/2023/11/12/lazy-reading-for-2023-11-12/