Netscout mentions 27,000 vulnerable Plex servers have already been detected and can be used to carry out a DDOS attack. Hackers should only search the internet for devices that have the udp port 32414 open and can take over the device, as simple as that. Using the SSDP protocol over this UDP port of a router is an interesting road for cybercriminals to detect, access, and subsequently use the media servers that use the Plex Media Server app to combat DDoS attacks. "As is routinely the case with newer DDoS attack vectors, it appears that after an initial period of employment by advanced attackers with access to bespoke DDoS attack infrastructure, PMSSDP has been weaponized and added to the arsenals of so-called booter/stresser DDoS-for-hire services, placing it within the reach of the general attacker population," the company said. Netscout reports that the Plex Media Server app creates a new 'network address translation' line at your local Internet router that allows the media server's SSDP protocol to directly access the Internet through udp port 32414. Attackers simply have to scan the internet for devices with this port enabled, and then abuse them to amplify web traffic they send to a DDoS attack victim. DDoS-for-hire services you can find on the web have now pointed their eyes on PLEX servers because they can abuse the SSDP (Simple Service Discovery) protocol. Media servers based on PLEX can be used for DDOS attacks.
0 kommentar(er)
