Article overview

Help article

How do I prevent abuse of the SSDP port?

SSDP stands for Simple Service Discovery Protocol and is often used for discovering Plug & Play (UPnP) devices. In 2014 it was discovered that the SSDP port 1900 can be used in 'amplication attacks'.

Simply put, in an 'amplification attack' an amount of data is sent to your SSDP port from a spoofed IP. Your VPS then sends a significantly larger amount of data back to the actual IP. This way, malicious parties can abuse your SSDP port to perform a (D) DoS attack on the spoofed IP address.

For this reason, it is not allowed to use the SSDP port on a VPS at TransIP. In this article we explain how to close this gate.


Closing the SSDP port

SSDP uses port 1900 and, depending on the firewall you use, closes as follows:

 

Firewalld

Step 1

Close port 1900 with the command:

sudo firewall-cmd --zone=public --remove-port=1900/udp

 

Step 2

Reload your firewall with the command:

sudo firewall-cmd --reload

 

Iptables

Step 1

Close port 1900 with the command:

sudo iptables -A INPUT -p udp --dport 1900 -j DROP

 

Step 2

Restart your firewall as follows:

iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart

 

Windows firewall

Step 1

Open the Windows Firewall with Advanced Security and click on 'Inboud Rules' > 'New Rule'.

windows firewall new inbound rule


 

Step 2

Select ‘port’ and click on ‘Next’.

windows firewall inbound rule port


 

Step 3

Select the ‘UDP’ option and enter port number 1900.

windows firewall protocol and port number


 

Step 4

Select ‘Block the connection’ and click on ‘Next’.

windows firewall action


 

Step 5

In the next page you state that you want to use these settings for domain, private and public purposes. These options are selected by default and you do not have to change anything. You can then proceed directly to the next step.

windows firewall profile


 

Step 6

Give the new rule a name with which you can easily recognize the rule, such as 'SSDP block' and click on 'Finish'.

windows firewall rule name


 

Your VPS is now protected against misuse of SSDP port 1900. If you have any questions about this article, please feel free to contact us with the 'Contact Us' button at the bottom of this article.

 

Do you have a good idea?

Give us your idea! If it's popular we'll add it to the wishlist!

Has this article been helpful?

Create an account or log in to leave a rating.

Comments

Create an account or log in to be able to leave a comment.

Are you stuck?

Ask one of our specialists to assist you

Contact us