TTCSIRT-137.062918: TT-CSIRT Advisory – SSDP Security Updates
NETSCOUT Arbor has released a security update stating that the Simple Service Discovery Protocol (SSDP) can be exploited to launch a new type of distributed denial of service (DDoS) attack where devices respond with a non-standard port.
SSDP, which was designed for service discovery over a local network, uses text-based HTTP messages over UDP (also known as HTTPU) on port 1900. However, with this exploit. the attacker can set high-numbered ports as the source and destination instead of relying solely on UDP/1900 source port HTTPU packets.
Further information on this vulnerability and how it can be mitigated can be found at https://www.securityweek.com/ssdp-diffraction-abused-ddos-amplification |