Defending Yourself Against An SSDP M-Search Attack

Defending Yourself Against An SSDP M-Search Attack

SSDP – Simple Service Discovery Protocol, also known as Universal Plug and Play – is a process that allows systems and devices to discover neighbors by searching the network, broadcasting their presence, or both. Unfortunately, it was discovered in 2014 that SSDP is actually fairly vulnerable.

The problem, reads a post on the Nexusguard Blog, is that SSDP was never was never designed for the Internet. It was never supposed to be an Internet standard. The fact that it is makes it easily exploitable, particularly where the M-Search feature is concerned.

“Since M-Search could be done via a unicast, scanning a network that’s under a proper firewall configuration and proper router ACL does nothing,” the post continues. “However, how many users are actually aware of the UPnP (using SSDP protocol) feature in devices like NAS, media players, TVs or home routers? I believe that number is very low. Furthermore, some router firmwares aren’t designed with security in mind: WAN ports that connect to the Internet sometimes attempt to advertise its network service via SSDP or the public SSDP M-Search query.”

Unfortunately, the only way to really defend against such an attack is by having enough traffic to mitigate the overload of requests (and to properly secure multimedia devices on your network).

Follow Liberty Center One:

Subscribe with Feedly