How can the SSDP protocol be secured to prevent DDoS attacks?

Attackers are targeting the SSDP protocol to amplify the effects of DDoS attacks. Learn what this protocol does and how to secure it.

SSDP has been used to amplify the effects of and increase the number of DDoS attacks. Is this a risky protocol to use in the enterprise? What are the best ways to secure it?

The latest DDoS attack numbers are pretty sobering. It's as if everyone is getting hit at some point and no one has a good resolution to the problem. Such is the case with the Simple Service Discovery Protocol (SSDP).

Most people aren't aware of the SSDP protocol or the fact that it's running on their networks. The more systems and protocols present in any given environment, the greater the complexity.

UDP-based SSDP is the underlying mechanism for the widely used Universal Plug and Play protocol. If you look on your network you will likely see it running everywhere -- on devices from webcams to routers.

If you don't believe you need the SSDP protocol and are willing to live without Windows HomeGroups (its largest dependency), you can disable the protocol. For example, on your Windows workstations, you can do this via Group Policy or by running services.msc, selecting the SSDP Discovery service and disabling it on the local system.

I'm not aware of any potential side effects; however, there could be some, so make sure you test this thoroughly in your own unique environment.

Whether it's emerging attacks against SSDP or the proven UDP amplification attacks via NTP or DNS, the risk for DDoS attacks may exist on your network, so anything you can do to help minimize the chances is a good thing.
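
The Windows procedure described above, scripted as an added example (it is not from the original article): it records the current state of the SSDP Discovery service, lists the services that depend on it, then stops and disables it and verifies the result. It assumes an elevated PowerShell session on Windows 8/Server 2012 or later and the standard service name `SSDPSRV`; the file name `Disable-Ssdp.ps1` is hypothetical.

```powershell
# Disable-Ssdp.ps1 (hypothetical file name) - added example, not from the article.
# Run elevated. Add -WhatIf to preview the change without applying it.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Service name behind the "SSDP Discovery" entry shown in services.msc
    [string]$ServiceName = 'SSDPSRV'
)

$svc = Get-Service -Name $ServiceName -ErrorAction Stop

# Record the starting state so the change can be reverted after testing.
$before = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
Write-Output ("Before: state={0} startmode={1}" -f $before.State, $before.StartMode)

# Anything listed here loses SSDP once the service is disabled,
# so these are the first places to look for side effects.
foreach ($d in $svc.DependentServices) {
    Write-Output ("Dependent: {0} ({1}) status={2}" -f $d.Name, $d.DisplayName, $d.Status)
}

# Processes currently bound to UDP 1900, the SSDP port.
# Other software may bind this port too, independent of the Windows service.
$listeners = @(Get-NetUDPEndpoint -LocalPort 1900 -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $p = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    Write-Output ("UDP 1900 bound on {0} by PID {1} ({2})" -f $l.LocalAddress, $l.OwningProcess, $p.ProcessName)
}

if ($PSCmdlet.ShouldProcess($ServiceName, 'Stop and disable service')) {
    if ($svc.Status -ne 'Stopped') {
        # -Force is required when dependent services are still running.
        Stop-Service -Name $ServiceName -Force
    }
    Set-Service -Name $ServiceName -StartupType Disabled
}

# Verify: the service should be stopped and disabled, and any remaining
# UDP 1900 listeners belong to other software that needs separate review.
$after = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
Write-Output ("After: state={0} startmode={1}" -f $after.State, $after.StartMode)
$remaining = @(Get-NetUDPEndpoint -LocalPort 1900 -ErrorAction SilentlyContinue)
Write-Output ("Remaining UDP 1900 endpoints: {0}" -f $remaining.Count)
```

To revert during testing, set the service back to the start mode printed on the "Before" line with `Set-Service -StartupType`.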

This was last published in July 2015