In a UDP Flood, DDoS attackers send highly-spoofed UDP (user datagram protocol) packets at a very high packet rate using a large source IP range. The victim's network (routers, firewalls, IPS/IDS, SLB, WAF and/or servers) is overwhelmed by the large number of incoming UDP packets. This attack normally consumes network resources and available bandwidth, exhausting the network until it goes offline.
UDP attacks are very difficult to detect and block efficiently and are extremely effective in flooding the network with unwanted traffic. UDP floods can overwhelm a network with packets containing random or fixed source IP addresses. In addition, UDP formats are not defined and can be filled with garbage data. UDP can also be used in a Reflective type of attack scenario where volumes of unsolicited and large DNS responses attack a DNS server or even in VoIP and NTP environments.