Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
G.Skill TridentZ 5 RGB 6800 MHz CL34 DDR5 review
Be Quiet! Dark Power 13 - 1000W PSU Review
Palit GeForce RTX 4080 GamingPRO OC review
Core i9 13900K DDR5 7200 MHz (+memory scaling) review
Seasonic Prime Titanium TX-1300 (1300W PSU) review
F1 2022: PC graphics performance benchmark review
MSI Clutch GM31 Lightweight​ (+Wireless) mice review
AMD Ryzen 9 7900 processor review
AMD Ryzen 7 7700 processor review
AMD Ryzen 5 7600 processor review

New Downloads
CPU-Z download v2.04
Intel ARC graphics Driver Download Version: 31.0.101.4090
AMD Radeon Software Adrenalin 23.1.2 (RX 7900) download
GeForce 528.24 WHQL driver download
Display Driver Uninstaller Download version 18.0.6.0
Download Intel network driver package 27.8
ReShade download v5.6.0
Media Player Classic - Home Cinema v2.0.0 Download
HWiNFO Download v7.36
MSI Afterburner 4.6.5 (Beta 4) Download


New Forum Topics
Microsoft halts selling Windows 10 on January 31 The Samsung Galaxy S23 is rumored to cost an additional 150 Euros (+specs) AMD Polaris (RX 400/500) users unable to play Forspoken Corsair 10GB/s MP700 PCIe Gen5 SSD got unveiled, but quickly gets hidden Amernime Zone AMD Software: Adrenalin / Pro Driver - Release Discovery 22.12.2 WHQL Monitor turns black and windows disable my GPU driver Extreme 4-Way Sli Tuning Sony Bravia fix will be included in the driver after next. SteelSeries releasing three models speakers, including 5.1ch surround Arena 9 Seagate will release 22TB and 24TB hard disk drives, and in Q3, HAMR HDD with 30TB or more




Guru3D.com » News » Plex media servers actively scanned and used to amplify DDoS attacks

Plex media servers actively scanned and used to amplify DDoS attacks

by Hilbert Hagedoorn on: 02/08/2021 09:46 AM | source: tweakers.net | 11 comment(s)
Plex media servers actively scanned and used to amplify DDoS attacks

Media servers based on PLEX can be used for DDOS attacks. DDoS-for-hire services you can find on the web have now pointed their eyes on PLEX servers because they can abuse the SSDP (Simple Service Discovery) protocol.

Netscout reports that the Plex Media Server app creates a new 'network address translation' line at your local Internet router that allows the media server's SSDP protocol to directly access the Internet through udp port 32414. Attackers simply have to scan the internet for devices with this port enabled, and then abuse them to amplify web traffic they send to a DDoS attack victim.

"As is routinely the case with newer DDoS attack vectors, it appears that after an initial period of employment by advanced attackers with access to bespoke DDoS attack infrastructure, PMSSDP has been weaponized and added to the arsenals of so-called booter/stresser DDoS-for-hire services, placing it within the reach of the general attacker population," the company said.

Using the SSDP protocol over this UDP port of a router is an interesting road for cybercriminals to detect, access, and subsequently use the media servers that use the Plex Media Server app to combat DDoS attacks. feed. Hackers should only search the internet for devices that have the udp port 32414 open and can take over the device, as simple as that.

Netscout mentions 27,000 vulnerable Plex servers have already been detected and can be used to carry out a DDOS attack. In addition, Netscout is convinced that DDOS attacks via these servers will become increasingly common as they are already added in botnets. 

Plex just posted the following statement:

The researchers who reported on this issue did not provide any prior disclosure, but Plex is now aware of the problem and is actively working on addressing it. This issue appears to be limited to a small number of media server owners who have misconfigured their firewalls by allowing UDP traffic on device-discovery ports from the public internet to reach their servers, and our current understanding is that it does not allow an attacker to compromise any Plex user's device security or privacy. Plex is testing a simple patch that adds an extra layer of protection for those servers that may have been accidentally exposed and will release it shortly.

Meanwhile, if you have PLEX on a NAS autoconfigured, it would be wise to check your router and close UDP port 32414 (if open at all).







« Download: NVIDIA GeForce Hotfix Driver Version 461.51 · Plex media servers actively scanned and used to amplify DDoS attacks · COLORFUL Launches iGame VULCAN DDR4 Memory and SL500 Mini SSD »

3 pages 1 2 3


insp1re2600
Senior Member



Posts: 2212
Joined: 2018-01-03

#5885605 Posted on: 02/09/2021 12:23 PM
Can also use the old GRC shields up

https://www.grc.com/default.htm

Cybermarc
Junior Member



Posts: 19
Joined: 2014-03-27

#5885822 Posted on: 02/09/2021 11:35 PM
LOL. Plex has release a new version to prevent DDOS attacks, what a joke. Check the release notes
Version 1.21.3.4014

StSimm1Plex Employee
3d
Plex Media Server 1.21.3.4015 is now available to Plex Pass users in the Beta update channel.
Plex Media Server 1.21.3.4014 is now available to everyone.


FIXES:


(Security) Mitigate against potential DDoS amplification by only responding to UDP requests from LAN



suty455
Senior Member



Posts: 570
Joined: 2020-04-28

#5885839 Posted on: 02/10/2021 12:28 AM
Always use this site every few ~Days lots of folks claim he is a fraud but his tool is simple to use and works and he was alerting the public to the dangers off UPnP many many years ago
https://www.grc.com/x/ne.dll?rh1dkyd2

insp1re2600
Senior Member



Posts: 2212
Joined: 2018-01-03

#5885841 Posted on: 02/10/2021 12:30 AM
Always use this site every few ~Days lots of folks claim he is a fraud but his tool is simple to use and works and he was alerting the public to the dangers off UPnP many many years ago
https://www.grc.com/x/ne.dll?rh1dkyd2

Yeah I'd posted it two posts up.

suty455
Senior Member



Posts: 570
Joined: 2020-04-28

#5885842 Posted on: 02/10/2021 12:31 AM
Yeah I'd posted it two posts up.

Doh!

3 pages 1 2 3


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023