A Simple Service Discovery Protocol (SSDP) attack is a type of Distributed Denial of Service (DDoS) attack. DDoS attacks seek to flood a specific location in a network via multiple zombie machines (machines controlled by the hacker and functioning as a botnet). The goal is to disrupt the activity of a specific target.
The target in this case, SSDP, is typically used in private homes or businesses. Its primary function is to discover Universal Plug and Play (UPnP) devices.
Envision this scenario. You are playing an online competitive FPS on a Friday night. You happen to be demolishing the competition and ranking high on the leaderboards.
Your competition isn’t too happy about this and threatens to retaliate unless you stop competing. Thinking nothing of it, you continue your total online gaming domination.
Suddenly you hear devices like your printer and tablet making strange noises. They are activating on their own. Next thing you know, you are knocked offline and the game is ruined.
What just happened? An SSDP DDoS attack.
In the case of an SSDP attack, also known as an SSDP reflection attack with amplification, a specific process is leveraged against the user. When connecting to UPnP devices, there is a vulnerability in the end-user query that can be exploited by an attacker. The end-user query sends replies from UPnP devices to the victim’s address. An SSDP attack seeks to flood that process, overloading the protocol and rendering it inactive.
In order to mitigate an SSDP DDoS attack, it is vital that the machines used for amplification are not allowed to flood a victim's machine. The only way to achieve this is to redirect the requests targeted at port 1900, which is the port that is vulnerable in these attacks. A firewall can block this, but a VPN can also be a huge help here.
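One way to recognize the flood described above from the receiving side, as an added example that is not part of the original article: it scans flow records for many distinct hosts sending UDP replies from port 1900 to one address within a short window. The record layout, the thresholds and every address are constructed for illustration, and the check assumes reflected replies carry source port 1900.

```python
from collections import defaultdict

SSDP_PORT = 1900       # the port the article names
MIN_REFLECTORS = 5     # assumed threshold: distinct responders per window
WINDOW_SECONDS = 10    # assumed window length

# Constructed flow records: "epoch proto src_ip src_port dst_ip dst_port bytes"
SAMPLE_FLOWS = """\
1000 udp 192.168.1.10 50000 239.255.255.250 1900 130
1000 udp 192.168.1.20 1900 192.168.1.10 50000 310
1000 udp 192.168.1.30 1900 192.168.1.10 50000 295
1001 udp 198.51.100.11 1900 203.0.113.7 41000 320
1001 udp 198.51.100.12 1900 203.0.113.7 41000 320
1002 udp 198.51.100.13 1900 203.0.113.7 41000 320
1002 udp 198.51.100.14 1900 203.0.113.7 41000 320
1003 udp 198.51.100.15 1900 203.0.113.7 41000 320
1003 udp 198.51.100.16 1900 203.0.113.7 41000 320
"""

def find_ssdp_floods(lines, min_reflectors=MIN_REFLECTORS, window=WINDOW_SECONDS):
    """Return {dst_ip: {"reflectors": n, "bytes": total}} for flagged destinations."""
    buckets = defaultdict(lambda: {"sources": set(), "bytes": 0})
    for line in lines:
        fields = line.split()
        if len(fields) != 7:
            continue  # skip blank or malformed records
        ts, proto, src, sport, dst, _dport, size = fields
        # Reflected replies arrive as UDP sent *from* port 1900.
        if proto != "udp" or int(sport) != SSDP_PORT:
            continue
        bucket = buckets[(dst, int(ts) // window)]
        bucket["sources"].add(src)
        bucket["bytes"] += int(size)

    alerts = {}
    for (dst, _win), bucket in buckets.items():
        # A local discovery gets a few replies; a flood has many senders.
        if len(bucket["sources"]) < min_reflectors:
            continue
        entry = alerts.setdefault(dst, {"reflectors": 0, "bytes": 0})
        entry["reflectors"] = max(entry["reflectors"], len(bucket["sources"]))
        entry["bytes"] += bucket["bytes"]
    return alerts

if __name__ == "__main__":
    for victim, stats in find_ssdp_floods(SAMPLE_FLOWS.splitlines()).items():
        print(victim, stats)
```

The two replies to the local discovery from 192.168.1.10 stay under the threshold, so only the address receiving replies from six separate senders is reported.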
The only way for an SSDP amplification attack to occur is if the threat actor knows your personal IP address. PureVPN prevents this by masking your IP address from the outside world. With our vast selection of servers and a strong encrypted connection (AES 256-bit), you can be certain that anyone seeking to harm you in an SSDP DDoS will be stopped.