How to fix or prevent an open SSDP service from running

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for the advertisement and discovery of network services and presence information.

 

Why prevent an open SSDP service to run on my VPS? 

Running an open (UDP) service is not bad on its own. Unfortunately, hackers have also found this feature useful in performing a special type of DDoS attack called an "amplification attack". 

Amplification attacks result in an attacker turning a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting the attacked victim. 

As a result, using the SSDP port on a Tilaa VPS is not recommended. We'll show you how to close this gate in this article. 

You can use your firewall to block port 1900/udp

 

Recommended action to close the SSDP port

1. Open the Windows Firewall with Advanced Security and click on 'Inboud Rules' -> 'New Rule'. 

blobid0.png

2. Select 'port' and click on 'Next >'
blobid1.png

3. Select the ‘UDP’ option and enter port number 1900. Then click 'Next >'
blobid2.png
4. Select 'Block the connection' and click 'Next >'

blobid3.png

5. You specify that you wish to use these settings for domain, private, and public reasons in the next window. You do not need to modify anything because these choices are selected by default. You can move on to the next stage. 

blobid4.png

6. Give the new rule a name that will help you remember it, such as 'SSDP block,' and then click 'Finish.' 
blobid5.png

 

 

Was this article helpful?
11 out of 12 found this helpful

Comments

0 comments

Article is closed for comments.

Articles in this section

See more