SSDP DDoS
SSDP is used in the UPnP protocol in order to locate automatic devices that use the UPnP protocol and connect them to the network. Generally, the UPnP protocol is used for communication between devices in a home network.
Because the SSDP protocol creates a vulnerability, an attacker can disrupt device performance or use it for DDoS attacks by overflowing the “libupnp” library stack buffer with SSDP search requests.
Recommendations for users:
- Update devices’ firmware;
- Block access to the 1900 UDP port, which would prevent unwanted access to UPnP protocol services;
- Turn off UPnP protocol service if it is not in use.