DDoS-for-hire services have found a way to use Plex Media Servers as a UDP reflection/amplification vector in Distributed Denial of Service attacks.
DDoS-for-hire services have found a way to use Plex Media Servers as a UDP reflection/amplification vector in Distributed Denial of Service attacks.
On Wednesday Network monitoring firm Netscout published an alert warning of an exploit against Plex Media Server.
Netscout reported that amplified PMSSDP DDoS attacks detected since November 2020 have been using UDP/32414 SSDP HTTP/U responses from exposed broadband Internet access routers and redirected towards attackers targets.
The company's alert warns owners of devices that ship with Plex Media Server, a web application for Windows, macOS, and Linux and variants customized for special-purpose platforms such as network-attached storage (NAS) devices and digital media players.
“Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks,” said Netscout researchers in a Thursday alert.
Plex scans a local network using a protocol known as G'Day Mate (GDM) to locate other supported media devices and streaming clients as part of its regular operation. The system also employs Simple Service Discovery Protocol (SSDP) searches to track down Universal Plug, and Play (UPnP) gateways on broadband internet routers with SSDP enabled.
When Plex discovers a UPnP gateway, it uses the NAT Port Mapping Protocol to implement dynamic NAT forwarding rules on the router. Herein lies the problem.
According to Netscout, this method exposes a Plex UPnP-enabled service registration responder to the general internet. By doing so, Plex can then be exploited to reflect and amplify DDoS attacks.
Netscout reported that it found amplified Plex Media SSDP (PMSSDP) DDoS attack traffic on abused broadband internet access routers directed towards several targets.
"The researchers who reported on this issue did not provide any prior disclosure, but Plex is now aware of the problem and is actively working on addressing it," said a Plex spokesperson.
For the latest cyber threats and the latest hacking news please follow us on Facebook, Linkedin, and Twitter.
You may be interested in reading: How to Survive the COVID Time Cyber Security Threats?