SSDP has been used to amplify the effects of and increase the number of DDoS attacks. Is this a risky protocol to use in the enterprise? What are the best ways to secure it?
The latest DDoS attack numbers are pretty sobering. It's as if everyone is getting hit at some point and no one has a good resolution to the problem. Such is the case with the Simple Service Discovery Protocol (SSDP).
Most people aren't aware of the SSDP protocol or the fact that it's running on their networks. The more systems and protocols present in any given environment, the more complexity.
UDP-based SSDP is the underlying mechanism for the widely used Universal Plug and Play protocol. If you look on your network you will likely see it running everywhere -- on devices from webcams to routers.
If you don't believe you need the SSDP protocol and are willing to live without Windows HomeGroups (its largest dependency), you can disable the protocol. For example, on your Windows workstations, you can do this via Group Policy or by running services.msc, selecting the SSDP Discovery service and disabling it on the local system.
I'm not aware of any potential side effects; however, there could be some, so make sure you test this thoroughly in your own unique environment.
Whether it's emerging attacks against SSDP or the proven UDP amplification attacks via NTP or DNS, the risk for DDoS attacks may exist on your network, so anything you can do to help minimize the chances is a good thing.
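The services.msc steps above can also be scripted. The following PowerShell is an added example, not the author's own code: it assumes the SSDP Discovery service is registered under its standard service name `SSDPSRV`, that it runs from an elevated prompt on Windows 8/Server 2012 or later, and `Disable-SsdpDiscovery` is a hypothetical function name.

```powershell
# Added example: audit and disable the SSDP Discovery service on the local host.
# Run elevated. The final line uses -WhatIf, so nothing changes until you remove it.
function Disable-SsdpDiscovery {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ServiceName = 'SSDPSRV'   # assumed name behind "SSDP Discovery"
    )

    $svc = Get-Service -Name $ServiceName -ErrorAction Stop

    # Services that depend on SSDP Discovery stop working once it is disabled;
    # list the running ones so they can be covered in testing.
    $running = $svc.DependentServices | Where-Object Status -eq 'Running'
    foreach ($d in $running) {
        Write-Warning "Dependent service running: $($d.Name) ($($d.DisplayName))"
    }

    if ($PSCmdlet.ShouldProcess($ServiceName, 'Stop and set StartupType=Disabled')) {
        if ($svc.Status -ne 'Stopped') {
            Stop-Service -Name $ServiceName -Force   # -Force also stops dependents
        }
        Set-Service -Name $ServiceName -StartupType Disabled
    }

    # Verify: report the service state and any process still bound to UDP 1900.
    $cim = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    $listeners = Get-NetUDPEndpoint -LocalPort 1900 -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress
                ProcessName  = $p.ProcessName
                ProcessId    = $_.OwningProcess
            }
        }

    [pscustomobject]@{
        Computer      = $env:COMPUTERNAME
        Service       = $ServiceName
        State         = $cim.State
        StartMode     = $cim.StartMode
        Udp1900Owners = $listeners
    }
}

Disable-SsdpDiscovery -WhatIf   # preview only; drop -WhatIf to apply
```

A non-empty `Udp1900Owners` after the service is disabled means some other software on the host is listening on the SSDP port and needs to be handled separately.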