How to fix or prevent an open SSDP service from running

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for the advertisement and discovery of network services and presence information. 

 

Why prevent an open SSDP service from running on my VPS?

Running an open (UDP) service is not bad on its own. Unfortunately, hackers have also found this feature useful in performing a special type of DDoS attack called an “amplification attack”. 

In an amplification attack, an attacker turns a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting the victim.

As a result, using the SSDP port on a Tilaa VPS is not recommended. We'll show you how to close this gate in this article. 

You can use your firewall to block port 1900/udp.

 

Recommended action to close the SSDP port 

To check whether your Linux-based server is vulnerable, run the following command, replacing IP with your server's IP address, to see whether the port is open or closed:

$ sudo nmap -sU -p 1900 --script=upnp-info IP   

PORT STATE SERVICE VERSION 
1900/udp open|filtered upnp
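
nmap reports open|filtered for a UDP port when it receives no reply, so that result alone cannot tell a listening service from a dropped packet. The following added example (not part of the original article) lists what is actually bound to UDP 1900 on the server itself by parsing `ss -H -lunp` output; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: report sockets bound to UDP 1900, parsed from `ss -H -lunp`.
# Input comes from stdin so the logic can be run against captured output.
# Live use on the server:  sudo ss -H -lunp | ssdp_check

ssdp_listeners() {
  awk '
    {
      # Local address = first field shaped like addr:port (the peer column
      # is addr:* on listening sockets, so it never matches).
      sock = ""
      for (i = 1; i <= NF; i++)
        if ($i ~ /:[0-9]+$/) { sock = $i; break }
      if (sock == "") next
      port = sock; sub(/^.*:/, "", port)
      if (port != "1900") next
      addr = sock; sub(/:[0-9]+$/, "", addr)
      sub(/%.*$/, "", addr)              # strip interface scope such as %lo
      # Bind scope only: "external" means the socket is not loopback-only,
      # it says nothing about whether a firewall rule drops the traffic.
      scope = (addr ~ /^127\./ || addr == "[::1]") ? "loopback" : "external"
      proc = ($NF ~ /^users:/) ? $NF : "-"
      print scope, addr, proc
    }'
}

# Prints the report; returns 1 if any non-loopback socket is bound to 1900.
ssdp_check() {
  _ssdp_report=$(ssdp_listeners)
  if [ -n "$_ssdp_report" ]; then printf '%s\n' "$_ssdp_report"; fi
  ! printf '%s\n' "$_ssdp_report" | grep -q '^external '
}

# Constructed sample of `ss -H -lunp` output, not taken from a real host.
SAMPLE='UNCONN 0 0 0.0.0.0:1900 0.0.0.0:* users:(("minidlnad",pid=812,fd=7))
UNCONN 0 0 127.0.0.1:1900 0.0.0.0:* users:(("testsvc",pid=900,fd=5))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=401,fd=13))
UNCONN 0 0 [::]:1900 [::]:* users:(("minidlnad",pid=812,fd=8))'

printf '%s\n' "$SAMPLE" | ssdp_check ||
  echo "A service is still bound to UDP 1900 on a non-loopback address"
```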

Ubuntu & Debian (Uncomplicated Firewall)

Command to close port 1900:  

sudo ufw deny 1900 

Iptables 

 

1. Close port 1900 using the following command:  

sudo iptables -A INPUT -p udp --dport 1900 -j DROP  

2. Save the rules and restart your firewall as follows to apply the changes:

sudo iptables-save | sudo tee /etc/sysconfig/iptables           
sudo service iptables restart
 

Firewalld (CentOS, DirectAdmin, Plesk, cPanel) 

1. Close port 1900 using the command:  

 sudo firewall-cmd --zone=public --permanent --remove-port=1900/udp  

2. Reload your firewall configuration with this command to apply the changes:  

sudo firewall-cmd --reload  

Your VPS is now safe from malicious use of SSDP port 1900! 
