Article overview

Help article

How do I prevent abuse of the SSDP port?

SSDP stands for Simple Service Discovery Protocol and is often used for discovering Plug & Play (UPnP) devices. In 2014 it was discovered that the SSDP port 1900 can be used in 'amplication attacks'.

Simply put, in an 'amplification attack' an amount of data is sent to your SSDP port from a spoofed IP. Your VPS then sends a significantly larger amount of data back to the actual IP. This way, malicious parties can abuse your SSDP port to perform a (D) DoS attack on the spoofed IP address.

For this reason, it is not allowed to use the SSDP port on a VPS at TransIP. In this article we explain how to close this gate.

Closing the SSDP port

SSDP uses port 1900 and, depending on the firewall you use, closes as follows:



Step 1

Close port 1900 with the command:

sudo firewall-cmd --zone=public --remove-port=1900/udp


Step 2

Reload your firewall with the command:

sudo firewall-cmd --reload



Step 1

Close port 1900 with the command:

sudo iptables -A INPUT -p udp --dport 1900 -j DROP


Step 2

Restart your firewall as follows:

iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart


Windows firewall

Step 1

Open the Windows Firewall with Advanced Security and click on 'Inboud Rules' > 'New Rule'.

windows firewall new inbound rule


Step 2

Select ‘port’ and click on ‘Next’.

windows firewall inbound rule port


Step 3

Select the ‘UDP’ option and enter port number 1900.

windows firewall protocol and port number


Step 4

Select ‘Block the connection’ and click on ‘Next’.

windows firewall action


Step 5

In the next page you state that you want to use these settings for domain, private and public purposes. These options are selected by default and you do not have to change anything. You can then proceed directly to the next step.

windows firewall profile


Step 6

Give the new rule a name with which you can easily recognize the rule, such as 'SSDP block' and click on 'Finish'.

windows firewall rule name


Your VPS is now protected against misuse of SSDP port 1900. If you have any questions about this article, please feel free to contact us with the 'Contact Us' button at the bottom of this article.


Do you have a good idea?

Give us your idea! If it's popular we'll add it to the wishlist!

Has this article been helpful?

Create an account or log in to leave a rating.


Create an account or log in to be able to leave a comment.

Are you stuck?

Ask one of our specialists to assist you

Contact us