Simple Service Discovery Protocol (SSDP) is a network protocol meant for residential networks (e.g., to find printers or media players). It is rarely, if ever, needed on a public VPS.
Hackers abuse open SSDP services to perform "amplification attacks". They send a small request to your server with the victim's address forged as the sender, and your server responds with a huge amount of data to the victim.
This not only facilitates cyberattacks on others but also saturates your own bandwidth, potentially leading to suspension of your service under abuse policies.
1. Checking for Vulnerability
To check if your server is exposing SSDP to the internet, you can use a tool like nmap from your local computer (replace 1.2.3.4 with your VPS IP):
sudo nmap -sU -p 1900 --script=upnp-info 1.2.3.4
If the state is open, you must take action immediately.
2. Solving the issue on Windows Server
On Windows, SSDP is often enabled by default as the "SSDP Discovery" service. The best fix is to simply disable this service.
Open PowerShell as Administrator and run:
# Stop the service
Stop-Service SSDPSRV
# Disable it from starting automatically on reboot
Set-Service SSDPSRV -StartupType Disabled
3. Solving the issue on Linux
On Linux, SSDP is usually blocked by default unless you installed specific UPnP software or disabled your firewall.
Option A: Using UFW (Ubuntu/Debian)
If you use UFW, ensure you deny incoming UDP traffic on port 1900.
sudo ufw deny 1900/udp
Option B: Using FirewallD (CentOS/AlmaLinux/RHEL)
Remove the service or port from your public zone.
sudo firewall-cmd --zone=public --remove-port=1900/udp --permanent
sudo firewall-cmd --reload
Option C: IPTables (Raw)
If you use raw iptables, drop the traffic:
sudo iptables -A INPUT -p udp --dport 1900 -j DROP
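The firewall rules above block the port, but they do not tell you which UPnP software opened it. The following is an added example, not part of the original guide: a shell function that filters the output of `ss -H -lunp` for UDP sockets bound to port 1900 on a non-loopback address. The function name, the sample lines and the process names in them are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
# Reads `ss -H -lunp` output on stdin and prints "address process" for every
# UDP socket bound to the given port (default 1900) on a non-loopback address.
ssdp_listeners() {
    awk -v port="${1:-1900}" '
    {
        # The first field containing ":" is the local address:port column.
        # This works whether or not ss prints a leading Netid column.
        local_addr = ""
        for (i = 1; i <= NF; i++)
            if (index($i, ":")) { local_addr = $i; proc_col = i + 2; break }
        if (local_addr == "") next

        # The port is whatever follows the last ":" (IPv6 is shown as [::]:1900).
        n = split(local_addr, parts, ":")
        if (parts[n] != port) next
        addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)

        # Loopback-only sockets cannot be reached from the internet.
        if (addr ~ /^127\./ || addr == "[::1]") next

        # The process column is only filled in when ss runs as root with -p.
        proc = (proc_col <= NF) ? $proc_col : "process-unknown"
        print addr, proc
    }'
}

# Constructed sample of `ss -H -lunp` output (not captured from a real host).
SAMPLE_SS_OUTPUT='UNCONN 0 0 0.0.0.0:1900 0.0.0.0:* users:(("upnpd-example",pid=812,fd=7))
UNCONN 0 0 127.0.0.1:1900 0.0.0.0:* users:(("local-only",pid=900,fd=3))
UNCONN 0 0 0.0.0.0:68 0.0.0.0:* users:(("dhclient",pid=410,fd=6))
UNCONN 0 0 [::]:1900 [::]:*
UNCONN 0 0 203.0.113.10:19000 0.0.0.0:*'

# Demonstration on the sample. On a real server run instead:
#   sudo ss -H -lunp | ssdp_listeners
printf '%s\n' "$SAMPLE_SS_OUTPUT" | ssdp_listeners
```

If the function prints nothing on your server, no program is listening for SSDP on a reachable address. Otherwise, the process name shows which package to remove or reconfigure.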