The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for the advertisement and discovery of network services and presence information.
Why prevent an open SSDP service from running on my VPS?
Running an open (UDP) service is not bad on its own. Unfortunately, hackers have also found this feature useful in performing a special type of DDoS attack called an “amplification attack”.
Amplification attacks result in an attacker turning a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting the attacked victim.
As a result, using the SSDP port on a Tilaa VPS is not recommended. We'll show you how to close this gate in this article.
You can use your firewall to block port 1900/udp.
Recommended action to close the SSDP port
To see if your Linux-based server is vulnerable, use the following command to check whether the port is open or closed (replace IP with the IP address of your server):
$ sudo nmap -sU -p 1900 --script=upnp-info IP
PORT STATE SERVICE VERSION
1900/udp open|filtered upnp
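Nmap reports open|filtered for a UDP port when it receives no reply, so the scan above cannot tell a listening service from a dropped packet. The following added example (not part of the original article) checks locally on the server instead: it parses `ss -H -uln` output and lists sockets bound to port 1900. The function names and the sample socket list are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: find UDP sockets bound to SSDP port 1900 in `ss -H -uln` output.
# On a real server, run:  ss -H -uln | ssdp_listeners

# Reads `ss -H -uln` lines on stdin and prints "<scope> <local address:port>"
# for every socket on port 1900. scope is "local" for loopback binds and
# "exposed" for anything else (wildcard, public, or multicast address).
ssdp_listeners() {
    awk '
    {
        addr = ""
        # The local address is the first column containing a colon;
        # State, Recv-Q and Send-Q never contain one.
        for (i = 1; i <= NF; i++) if (index($i, ":")) { addr = $i; break }
        if (addr == "") next
        n = split(addr, parts, ":")
        if (parts[n] != "1900") next      # port is the text after the last colon
        host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
        scope = "exposed"
        if (host ~ /^127\./ || host == "[::1]") scope = "local"
        print scope, addr
    }'
}

# Succeeds (exit 0) when at least one non-loopback socket is bound to 1900/udp.
ssdp_exposed() {
    ssdp_listeners | grep -q '^exposed '
}

# Constructed sample of `ss -H -uln` output (not taken from a real host).
SAMPLE_SS='UNCONN 0 0 0.0.0.0:1900 0.0.0.0:*
UNCONN 0 0 127.0.0.1:1900 0.0.0.0:*
UNCONN 0 0 0.0.0.0:68 0.0.0.0:*
UNCONN 0 0 [::]:1900 [::]:*
UNCONN 0 0 10.0.0.5%eth0:19000 0.0.0.0:*'

printf '%s\n' "$SAMPLE_SS" | ssdp_listeners
if printf '%s\n' "$SAMPLE_SS" | ssdp_exposed; then
    echo "A service is bound to 1900/udp on a non-loopback address."
fi
```

An "exposed" line means a service is still listening on the port; the firewall rules below keep outside traffic from reaching it, and `ss -H -ulnp` (as root) shows which process owns the socket.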
Ubuntu & Debian (Uncomplicated FireWall)
Command to close port 1900:
sudo ufw deny 1900
iptables
1. Close port 1900 using the following command:
sudo iptables -A INPUT -p udp --dport 1900 -j DROP
2. Save the rules and restart your firewall as follows to apply the changes:
sudo iptables-save | sudo tee /etc/sysconfig/iptables
sudo service iptables restart
Firewalld (CentOS, DirectAdmin, Plesk, cPanel)
1. Close port 1900 using the command:
sudo firewall-cmd --zone=public --permanent --remove-port=1900/udp
2. Reload your firewall configuration with this command to apply the changes:
sudo firewall-cmd --reload
Your VPS is now safe from malicious use of SSDP port 1900!