
Plex media servers actively scanned and used to amplify DDoS attacks

by Hilbert Hagedoorn on: 02/08/2021 09:46 AM | source: tweakers.net | 11 comment(s)

Media servers based on Plex can be used for DDoS attacks. DDoS-for-hire services found on the web have now set their sights on Plex servers because they can abuse the Simple Service Discovery Protocol (SSDP).

Netscout reports that the Plex Media Server app creates a new network address translation (NAT) rule on your local Internet router that exposes the media server's SSDP service directly to the Internet on UDP port 32414. Attackers simply have to scan the internet for devices with this port enabled, and then abuse them to amplify the traffic they send to a DDoS attack victim.

"As is routinely the case with newer DDoS attack vectors, it appears that after an initial period of employment by advanced attackers with access to bespoke DDoS attack infrastructure, PMSSDP has been weaponized and added to the arsenals of so-called booter/stresser DDoS-for-hire services, placing it within the reach of the general attacker population," the company said.

Using the SSDP protocol over this UDP port of a router is an attractive route for cybercriminals to detect, access, and subsequently use media servers running the Plex Media Server app to feed DDoS attacks. Attackers only need to search the internet for devices that have UDP port 32414 open and can then take over the device; it is as simple as that.

Netscout mentions that 27,000 vulnerable Plex servers have already been detected and can be used to carry out a DDoS attack. In addition, Netscout is convinced that DDoS attacks via these servers will become increasingly common, as they are already being added to botnets.

Plex just posted the following statement:

The researchers who reported on this issue did not provide any prior disclosure, but Plex is now aware of the problem and is actively working on addressing it. This issue appears to be limited to a small number of media server owners who have misconfigured their firewalls by allowing UDP traffic on device-discovery ports from the public internet to reach their servers, and our current understanding is that it does not allow an attacker to compromise any Plex user's device security or privacy. Plex is testing a simple patch that adds an extra layer of protection for those servers that may have been accidentally exposed and will release it shortly.

Meanwhile, if you run Plex on an auto-configured NAS, it would be wise to check your router and close UDP port 32414 (if it is open at all).
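
One way to do the router check described above, as an added example that is not from the article, Netscout or Plex: it parses a router port-mapping listing and flags any UDP forward that publishes port 32414. The listing layout is an assumption modelled on the output of miniupnpc's `upnpc -l`, and the sample listing is constructed.

```python
import re

# UDP port the article names as the exposed Plex SSDP (PMSSDP) port.
RISKY_UDP_PORTS = frozenset({32414})

# Assumed line shape of a miniupnpc `upnpc -l` port-mapping listing:
#   <idx> <proto> <extPort>-><lanHost>:<intPort> '<description>' '<remoteHost>' <lease>
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}):(?P<int>\d+)\s+'(?P<desc>[^']*)'"
)

def parse_mappings(listing):
    """Parse listing text into dicts; header and unrelated lines are skipped."""
    mappings = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            mappings.append({
                "proto": m["proto"],
                "ext_port": int(m["ext"]),
                "lan_host": m["host"],
                "int_port": int(m["int"]),
                "desc": m["desc"],
            })
    return mappings

def find_exposed(listing, risky=RISKY_UDP_PORTS):
    """Return UDP mappings whose external OR internal port is a risky port.

    Checking the internal port catches forwards that publish the discovery
    service under a different external port number.
    """
    return [
        m for m in parse_mappings(listing)
        if m["proto"] == "UDP" and (m["ext_port"] in risky or m["int_port"] in risky)
    ]

# Constructed sample listing (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 32400->192.168.1.20:32400 'Plex Media Server' '' 0
 1 UDP 32414->192.168.1.20:32414 'Plex Media Server' '' 0
 2 UDP 40000->192.168.1.20:32414 'remapped' '' 0
 3 UDP 51820->192.168.1.5:51820 'vpn' '' 0
"""

if __name__ == "__main__":
    for m in find_exposed(SAMPLE):
        print(f"close: UDP {m['ext_port']} -> {m['lan_host']}:{m['int_port']} ({m['desc']})")
```

Any mapping it reports is a forward to delete on the router; the TCP entry and the unrelated UDP entry in the sample are left alone.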









illrigger
Senior Member



Posts: 321
Joined: 2017-02-16

#5885450 Posted on: 02/08/2021 06:14 PM
To be clear, this isn't a Plex problem, it's a router problem. No router should be exposing UPnP to the WAN side, which is what is being exploited here.

You can detect whether it is or not on your system by visiting Bad UPnP/SSDP - Check for WAN UPnP listening (benjojo.co.uk)

You should do so even if you aren't running Plex, since you can be exploited by many services outside it. If it shows you are vulnerable, your best option is to turn off UPnP in your router.

Reddoguk
Senior Member



Posts: 2476
Joined: 2010-05-26

#5885496 Posted on: 02/08/2021 10:51 PM
Well, it seems I'm not listening on UPnP WAN.

386SX
Senior Member



Posts: 1730
Joined: 2017-06-26

#5885507 Posted on: 02/08/2021 11:50 PM
"No router should be exposing UPnP to the WAN side."

Couldn't agree more. I would like to add "disable answering ICMP messages on WAN". :)

0blivious
Senior Member



Posts: 3268
Joined: 2006-04-25

#5885535 Posted on: 02/09/2021 06:02 AM
Thanks for the verification link!

"All good! It looks like you are not listening on UPnP on WAN"

I was expecting it to tell me that it could fly a 747 through all the security holes. Apparently not, which is nice as I'm fairly clueless in this regard. (*back to watching PLEX...)

386SX
Senior Member



Posts: 1730
Joined: 2017-06-26

#5885571 Posted on: 02/09/2021 10:14 AM
@0blivious for your 747 feeling there is this test:
https://www.heise.de/security/dienste/portscan/test/go.shtml?scanart=1

Page is in German.
Komplettcheck option tests all.
The checkmark has to be set so you are allowed to scan your WAN IP.
After selecting your desired options click on TEST STARTEN button.

Then fly ... ;)

Edit: TR-69 is for cable modems or routers.
