The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for the advertisement and discovery of network services and presence information.
Why prevent an open SSDP service from running on my VPS?
Running an open (UDP) service is not bad on its own. Unfortunately, hackers have also found this feature useful in performing a special type of DDoS attack called an "amplification attack".
An amplification attack lets an attacker turn a small amount of bandwidth from a small number of machines into a massive traffic load aimed at the victim.
Recommended Action:
You can block port 1900/udp in your firewall or simply turn off the SSDP service (Windows only). To check whether your server is vulnerable, run the following command (replace IP with your server's address) and look at the reported port state:
$ sudo nmap -sU -p 1900 --script=upnp-info IP
PORT STATE SERVICE VERSION
1900/udp open|filtered upnp
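A state of open|filtered means nmap received no reply, so it cannot tell an open port from a firewalled one. As an added example (not part of the original article), the script below is meant to be run on the VPS itself: it parses `ss -uln` output and lists the non-loopback addresses bound to UDP port 1900. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# ssdp_listeners: reads `ss -uln` output on stdin and prints every local
# address bound to UDP port 1900 that is not loopback-only.
ssdp_listeners() {
    awk '
    {
        local_addr = ""
        # State/Recv-Q/Send-Q never contain ":", so the first field that
        # does is the "Local Address:Port" column.
        for (i = 1; i <= NF; i++)
            if (index($i, ":")) { local_addr = $i; break }
        if (local_addr == "") next
        # The port is whatever follows the last colon (IPv6-safe).
        n = split(local_addr, parts, ":")
        port = parts[n]
        addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
        if (port != "1900") next
        # Loopback binds cannot be reached from the internet.
        if (addr ~ /^127\./ || addr ~ /^\[::1\]/) next
        print addr
    }'
}

# ssdp_exposed: exit status 0 if at least one non-loopback listener exists.
ssdp_exposed() {
    [ -n "$(ssdp_listeners)" ]
}

# Constructed sample of `ss -uln` output (not captured from a real host).
SAMPLE_OPEN='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      127.0.0.1:323       0.0.0.0:*
UNCONN 0      0      0.0.0.0:1900        0.0.0.0:*
UNCONN 0      0      [::1]:1900          [::]:*
UNCONN 0      0      0.0.0.0:19000       0.0.0.0:*'

printf '%s\n' "$SAMPLE_OPEN" | ssdp_listeners   # prints 0.0.0.0

# On a live host:
#   ss -uln | ssdp_listeners
```

A listed address only shows that a service is bound to the port; the firewall rules below still decide whether it is reachable from outside.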
How to close it?
Debian:
$ sudo ufw deny 1900
CentOS:
$ sudo firewall-cmd --zone=public --permanent --remove-port=1900/udp
$ sudo firewall-cmd --reload