Reputation: 23
I found out that the video quality of media streams in WebRTC is notably better via UDP connections. Also, the data channel is based on UDP too (is that right?).
Suppose two peers (both behind NATs) are connected with each other with WebRTC technology and their IP addresses are exposed to the public. Will the WebRTC service be vulnerable to network attacks, especially a UDP flood attack?
Upvotes: 0
Views: 201
Reputation: 5949
Real-time interactions like video chat prefer UDP connections over TCP connections because dropped packets over UDP will not result in a wait for retransmissions. The audio or video will simply be corrupted, and if necessary, the receiving party can ask to have something repeated. This is preferred to the interactivity being interrupted while waiting for the retransmitted packet(s). WebRTC prefers UDP connections, but can also fall back to TCP connections. This is true for the data channel as well.
I am not familiar with the details of UDP flood attacks, but will try to describe relevant NAT behavior. When two peers interact from behind NATs, there is only one port open per connection on the NAT to receive packets that are passed on to the client. The external IP address of the NAT is public, but you cannot send to random ports on this IP and have packets delivered to the client. Further, there are different types of NAT behavior; it may not be sufficient to send to the port at the NAT IP to have packets sent to the client, it may also be necessary that they come from addresses or ports that have already interacted with the client. See NAT types. An attack can also try to overwhelm the NAT unit itself.
Upvotes: 1
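The NAT filtering behavior described in the answer above, as an added Python example that is not part of the original thread: a toy model of which inbound UDP datagrams a NAT passes on to the client under three filtering types. The names `Nat`, `Filtering` and `survey` are hypothetical, all addresses are constructed from documentation ranges, and the model assumes one external port per internal endpoint (symmetric mapping is not modeled).

```python
# Toy model of NAT inbound filtering for UDP; all names and addresses are constructed.
from enum import Enum

class Filtering(Enum):
    ENDPOINT_INDEPENDENT = "full cone"
    ADDRESS_DEPENDENT = "address-restricted"
    ADDRESS_AND_PORT_DEPENDENT = "port-restricted"

class Nat:
    def __init__(self, filtering):
        self.filtering = filtering
        self.mappings = {}    # external port -> internal (ip, port)
        self.contacted = {}   # external port -> remote (ip, port) pairs the client has sent to

    def outbound(self, src, dst):
        """Client sends a datagram: reuse or create the mapping, remember the destination."""
        port = next((p for p, s in self.mappings.items() if s == src), None)
        if port is None:
            port = 50000 + len(self.mappings)
            self.mappings[port], self.contacted[port] = src, set()
        self.contacted[port].add(dst)
        return port

    def inbound(self, remote, ext_port):
        """Return the internal endpoint that receives the datagram, or None if it is dropped."""
        if ext_port not in self.mappings:
            return None                      # no mapping on this port: nothing behind it
        seen = self.contacted[ext_port]
        ok = True                            # endpoint-independent: any sender passes
        if self.filtering is Filtering.ADDRESS_DEPENDENT:
            ok = any(ip == remote[0] for ip, _ in seen)
        elif self.filtering is Filtering.ADDRESS_AND_PORT_DEPENDENT:
            ok = remote in seen
        return self.mappings[ext_port] if ok else None

def survey():
    """For each filtering type, report which constructed senders reach the client."""
    client, peer = ("10.0.0.5", 40000), ("198.51.100.7", 61000)
    senders = {"peer": peer, "peer_other_port": (peer[0], 61001), "stranger": ("203.0.113.9", 61000)}
    results = {}
    for f in Filtering:
        nat = Nat(f)
        ext = nat.outbound(client, peer)     # the one port opened for this connection
        row = {name: nat.inbound(addr, ext) is not None for name, addr in senders.items()}
        row["stranger_wrong_port"] = nat.inbound(senders["stranger"], ext + 1) is not None
        results[f.name] = row
    return results

if __name__ == "__main__":
    print(survey())
```

Datagrams that the filter drops still arrive at the NAT's public address, so the model shows what reaches the client, not what load the NAT unit itself has to absorb.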