HowTo - Prevent an open SSDP service from running on my VPS?

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for the advertisement and discovery of network services and presence information.

Why prevent an open SSDP service from running on my VPS?

Running an open (UDP) service is not bad on its own. Unfortunately, hackers have found open UDP services such as SSDP useful for performing a special type of DDoS attack called an "amplification attack".

In an amplification attack, the attacker turns a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting the victim.

 

Recommended Action:

You can block port 1900/udp in your firewall or simply turn off the SSDP service (Windows only). To check whether the port on your server is open or closed, run the following command, replacing IP with your server's address:

$ sudo nmap -sU -p 1900 --script=upnp-info IP 
PORT STATE SERVICE VERSION 
1900/udp open|filtered upnp
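
nmap reports open|filtered for a UDP port when it receives no reply, so it cannot tell an open port from a firewalled one. As a complement, the following added example (not part of the original article) parses `ss -uln` output on the server itself and lists sockets bound to UDP port 1900 on non-loopback addresses. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list non-loopback sockets bound to UDP port 1900 (SSDP).
# On the server, run:  ss -uln | ssdp_listeners

# Reads `ss -uln` style lines on stdin and prints the local address of every
# socket bound to port 1900 that is not loopback-only.
ssdp_listeners() {
    awk '{
        for (i = 1; i <= NF; i++) {
            # The first addr:port field on a line is the local socket;
            # header lines and the peer column ("0.0.0.0:*") never match.
            if ($i ~ /:[0-9]+$/) {
                addr = $i; sub(/:[0-9]+$/, "", addr)
                port = $i; sub(/^.*:/, "", port)
                if (port == "1900" && addr !~ /^127\./ && addr != "[::1]") {
                    print addr
                }
                break
            }
        }
    }'
}

# Exit status 0 when stdin shows at least one exposed SSDP listener.
ssdp_exposed() {
    [ -n "$(ssdp_listeners)" ]
}

# Constructed sample of `ss -uln` output (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
UNCONN 0      0      0.0.0.0:1900       0.0.0.0:*
UNCONN 0      0      127.0.0.1:1900     0.0.0.0:*
UNCONN 0      0      0.0.0.0:68         0.0.0.0:*
UNCONN 0      0      [::]:1900          [::]:*
UNCONN 0      0      [::1]:1900         [::]:*
EOF
}

# Demo on the constructed sample: prints 0.0.0.0 and [::]
sample_ss_output | ssdp_listeners
```

An empty result means no service is bound to 1900/udp on a public address; it says nothing about firewall rules, which only the nmap check from outside exercises.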

How to close it?

Debian:

$ sudo ufw deny 1900

 

CentOS:

$ sudo firewall-cmd --zone=public --permanent --remove-port=1900/udp
$ sudo firewall-cmd --reload

 
