Plex media servers actively scanned and used to amplify DDoS attacks

Published by

Click here to post a comment for Plex media servers actively scanned and used to amplify DDoS attacks on our message forum
#5885450
data/avatar/default/avatar21.webp
To be clear, this isn't a Plex problem, it's a router problem. No router should be exposing UPnP to the WAN side, which is what is being exploited here. You can detect whether it is or not on your system by visiting Bad UPnP/SSDP - Check for WAN UPnP listening (benjojo.co.uk) You should do so even if you aren't running Plex, since you can be exploited by many services outside it. If it shows you are vulnerable, your best option is to turn off UPnP in your router.
#5885496
https://forums.guru3d.com/data/avatars/m/225/225084.jpg
Well it seems i'm not listening on UPnP WAN.
#5885507
https://forums.guru3d.com/data/avatars/m/271/271131.jpg
illrigger:

No router should be exposing UPnP to the WAN side.
Couldnt agree more. I would like to add "disable answering ICMP messages on WAN". 🙂
#5885535
https://forums.guru3d.com/data/avatars/m/145/145154.jpg
Thanks for the verification link! ""All good! It looks like you are not listening on UPnP on WAN"" I was expecting it to tell me that it could fly a 747 through all the security holes. Apparently not, which is nice as I'm fairly clueless in this regard. (*back to watching PLEX...)
#5885571
https://forums.guru3d.com/data/avatars/m/271/271131.jpg
@0blivious for your 747 feeling there is this test: https://www.heise.de/security/dienste/portscan/test/go.shtml?scanart=1 Page is in German. Komplettcheck option tests all. The checkmark has to be set so you are allowed to scan your WAN IP. After selecting your desired options click on TEST STARTEN button. Then fly ... 😉 Edit: TR-69 is for cable modems or routers.
#5885822
https://forums.guru3d.com/data/avatars/m/255/255184.jpg
LOL. Plex has release a new version to prevent DDOS attacks, what a joke. Check the release notes Version 1.21.3.4014 StSimm1Plex Employee 3d Plex Media Server 1.21.3.4015 is now available to Plex Pass users in the Beta update channel. Plex Media Server 1.21.3.4014 is now available to everyone. FIXES: (Security) Mitigate against potential DDoS amplification by only responding to UDP requests from LAN
#5885839
https://forums.guru3d.com/data/avatars/m/281/281256.jpg
Always use this site every few ~Days lots of folks claim he is a fraud but his tool is simple to use and works and he was alerting the public to the dangers off UPnP many many years ago https://www.grc.com/x/ne.dll?rh1dkyd2
#5885841
https://forums.guru3d.com/data/avatars/m/272/272918.jpg
suty455:

Always use this site every few ~Days lots of folks claim he is a fraud but his tool is simple to use and works and he was alerting the public to the dangers off UPnP many many years ago https://www.grc.com/x/ne.dll?rh1dkyd2
Yeah I'd posted it two posts up.
#5885842
https://forums.guru3d.com/data/avatars/m/281/281256.jpg
insp1re2600:

Yeah I'd posted it two posts up.
Doh!
#5886414
data/avatar/default/avatar02.webp
thanks for the news totally missed that