How can I fix / prevent an open SSDP service from running on my VPS?

The Simple Service Discovery Protocol (SSDP) is a network protocol based on the Internet Protocol Suite for advertisement and discovery of network services and presence information.

Running an open (UDP) service is not bad on its own. Unfortunately, hackers have also found this feature useful in performing a special type of DDoS attack called an "amplification attack".

Amplification attacks result in an attacker turning a small amount of bandwidth coming from a small number of machines into a massive traffic load hitting the attacked victim.

 

Recommended Action:

You can block port 1900/udp in your firewall or simply turn off the SSDP service (Windows only). To see if your server is vulnerable you can use the following command to see if the port is still open/closed:

$ sudo nmap -sU -p 1900 --script=upnp-info IP 

PORT STATE SERVICE VERSION 

1900/udp open|filtered upnp

 

Hebt u meer vragen? Een aanvraag indienen

0 Opmerkingen

U moet u aanmelden om een opmerking te plaatsen.