UPD based applications (like WAIS, Archie, and Domain Name Services) are therefore difficult to filter.
Old packet-filtering techniques simply eliminated UDP connections or opened a large portion of the UDP range to bi-directional communication, exposing the internal network to attacks.