What is an SSDP DDoS Attack?

DDOS Attack

 

A Simple Service Discovery Protocol (SSDP) attack is a reactive, distributed denial-of – service (DDoS) attack that can manipulate Universal Plug and Play (UPnP) networking protocols to send an enormous amount of traffic to a targeted victim, overwhelm the infrastructure of the target and take its web resource offline.

How does an SSDP Attack Work?

The SSDP protocol is typically used to allow UPnP devices to broadcast their presence over the network to other devices. For example, if a UPnP printer is connected to a network and receives an IP address, the printer advertises its services to the network’s computers by sending a message to a special IP address known as a multicast. The multicast address is then responsible for telling the new printer to all the computers on the network. After receiving the message of discovery a computer asks the printer to obtain a full list of its facilities. Then the printer responds with this list directly back to the computer. An attack by SSDP exploits the final service request by directing the system to respond to the targeted victim.

Steps of Traditional DDoS SSDP Attack

What’s happening during a typical SSDP DDoS attack here is:

• The intruder searches, finding plug-and – play tools which can be used as amplification factors.
• Finding networked devices, the attacker creates a list of all the devices that react.
• The attacker makes a UDP packet containing the target victim’s spoofed IP address.
• By setting specific flags, especially ssdp: rootdevice or ssdp: all, the attacker uses a botnet to send a spoofed discovery packet to each plug-and-play device with the request for as much data as possible.
• Each system sends a response to the targeted victim with data up to 30 times greater than that requested by the attacker.
• The target receives a huge amount of traffic from all the devices and gets overloaded, probably leading to a denial of service to legitimate traffic;

Prevent DDoS attacks by SSDP using Fixhackedwebsite

Fixhackedwebsite is a Managed Security Service that offers a Web Application Firewall ( WAF) delivered via a Protected Content Delivery Network ( CDN), suitable for websites and applications. Fixhackedwebsite is professionally operated by a Cyber Security Operation Center (CSOC) of trained security analysts who are always available and is powered by a Security Information and Event Management (SIEM) system that can leverage data from more than 85 million endpoints to identify and mitigate threats even before they occur.

Fixhackedwebsite also offers scanning, prevention measures and removal services for malware detection so that companies can proactively protect their company and brand image from infection and assault. Fixhackedwebsite is available with WAF that removes weaknesses in the framework and defends web applications and websites from advanced attacks including, but not limited to, DDoS, Cross-Site Scripting and SQL Injection. Combined with tools such as vulnerability scanning, malware scanning, and automated virtual patching and hardening engines, Fixhackedwebsite WAF offers comprehensive protection that is fully controlled as part of the Fixhackedwebsite Cloud solution for customers.

Main Features Fixhackedwebsite Offers:

Secure Content Delivery Network (CDN): A global system of distributed servers to enhance the performance of web applications and websites
Malware Monitoring and Remediation: Detects malware, provides the methods and tools to remove it, and prevents future malware attacks
Cyber Security Operations Center (CSOC): An integrated team of trained information security specialists offering monitoring and remediation services 24x7x365
Web Application Firewall (WAF): Efficient, real-time edge protection for websites and web applications that provide advanced authentication, filtering and defense against intrusion;
Security Information and Event Management (SIEM): Sophisticated knowledge capable of drawing on current events and data from 85M+ endpoints and 100M+ domains
PCI Scanning: Allows service providers and retailers to remain PCI DSS compliant