Plex media servers actively scanned and used to amplify DDoS attacks

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Feb 8, 2021.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    41,802
    Likes Received:
    9,899
    GPU:
    AMD | NVIDIA
    386SX likes this.
  2. illrigger

    illrigger Master Guru

    Messages:
    281
    Likes Received:
    94
    GPU:
    Gigabyte RTX 3080
    To be clear, this isn't a Plex problem, it's a router problem. No router should be exposing UPnP to the WAN side, which is what is being exploited here.

    You can detect whether it is or not on your system by visiting Bad UPnP/SSDP - Check for WAN UPnP listening (benjojo.co.uk)

    You should do so even if you aren't running Plex, since you can be exploited by many services outside it. If it shows you are vulnerable, your best option is to turn off UPnP in your router.
     
    0blivious and 386SX like this.
  3. Reddoguk

    Reddoguk Ancient Guru

    Messages:
    2,188
    Likes Received:
    283
    GPU:
    RTX3090 GB GamingOC
    Well it seems i'm not listening on UPnP WAN.
     
  4. 386SX

    386SX Maha Guru

    Messages:
    1,167
    Likes Received:
    1,238
    GPU:
    AMD Vega64 RedDevil
    Couldnt agree more. I would like to add "disable answering ICMP messages on WAN". :)
     
    GSDragoon likes this.

  5. 0blivious

    0blivious Ancient Guru

    Messages:
    3,134
    Likes Received:
    630
    GPU:
    5700XT / GTX1070
    Thanks for the verification link!

    ""All good! It looks like you are not listening on UPnP on WAN""

    I was expecting it to tell me that it could fly a 747 through all the security holes. Apparently not, which is nice as I'm fairly clueless in this regard. (*back to watching PLEX...)
     
  6. 386SX

    386SX Maha Guru

    Messages:
    1,167
    Likes Received:
    1,238
    GPU:
    AMD Vega64 RedDevil
    0blivious likes this.
  7. insp1re2600

    insp1re2600 Ancient Guru

    Messages:
    1,871
    Likes Received:
    781
    GPU:
    3090 Vision OC 24GB
    386SX likes this.
  8. Cybermarc

    Cybermarc Member

    Messages:
    19
    Likes Received:
    2
    GPU:
    STRIX ASUS 980ti
    LOL. Plex has release a new version to prevent DDOS attacks, what a joke. Check the release notes Version 1.21.3.4014

    StSimm1Plex Employee
    3d
    Plex Media Server 1.21.3.4015 is now available to Plex Pass users in the Beta update channel.
    Plex Media Server 1.21.3.4014 is now available to everyone.


    FIXES:

    • (Security) Mitigate against potential DDoS amplification by only responding to UDP requests from LAN
     
    insp1re2600 likes this.
  9. suty455

    suty455 Master Guru

    Messages:
    471
    Likes Received:
    181
    GPU:
    Nvidia 3090
    Always use this site every few ~Days lots of folks claim he is a fraud but his tool is simple to use and works and he was alerting the public to the dangers off UPnP many many years ago
    https://www.grc.com/x/ne.dll?rh1dkyd2
     
  10. insp1re2600

    insp1re2600 Ancient Guru

    Messages:
    1,871
    Likes Received:
    781
    GPU:
    3090 Vision OC 24GB
    Yeah I'd posted it two posts up.
     
    suty455 likes this.

  11. suty455

    suty455 Master Guru

    Messages:
    471
    Likes Received:
    181
    GPU:
    Nvidia 3090
    Doh!
     
    insp1re2600 likes this.
  12. kakiharaFRS

    kakiharaFRS Master Guru

    Messages:
    691
    Likes Received:
    211
    GPU:
    KFA2 RTX 3090
    thanks for the news totally missed that
     

Share This Page