![]() ![]() On JanuBaidu Labs, in a Chinese-language weblog post, described a UDP reflection/amplification DDoS attack vector leveraging Plex Media Server instances running versions of the Plex software prior to 1.21. It also appears to make use of SSDP probes to locate UPnP gateways on broadband Internet access routers which have SSDP enabled when a UPnP gateway is discovered via this methodology, Plex attempts to utilize NAT-PMP to instantiate dynamic NAT forwarding rules on the broadband Internet access router. Upon startup, Plex probes the local network using the G’Day Mate (GDM) network/service discovery protocol to locate other compatible media devices and streaming clients. Plex Media Server is a personal media library and streaming system which runs on modern Windows, macOS, and Linux operating systems, along with variants customized for special-purpose platforms such as network-attached storage (NAS) devices, external RAID storage units, digital media players, etc. Cited observed number of PMSSDP attacks observed to date, along with number of PMSSDP reflectors/amplifiers leveraged.Updated number of abusable PMSSDP reflectors/amplifiers. ![]() Added observed use of source UDP port 32410 in PMSSDP reflection/amplification attacks.Included Plex guidance on circumstances which could facilitate the potential abuse of Plex Media Server instances in reflection/amplification DDoS attacks, along with guidance on remediation.Credited Baidu Labs with initial public disclosure.Added link to Baidu Labs Chinese-language initial disclosure post.Ĭhanges for Version 1.1 (February 6, 2020):.Added information concerning new Plex Media Server (PMS) update which prevents PMS from being abused to launch reflection/amplification DDoS attacks.Changes for Version 1.2 (February 7, 2020): Contributors: Ben Crowther, Ion Schiopu, Jon Belanger, Chris Conrad, Andrew Bartholomew. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |