Plex Media Servers Being Used to Amplify DDoS Attacks

Plex Media Servers Being Used to Amplify DDoS Attacks

A new network security issue is causing headaches for the victims of DDoS attacks. According to security firm Netscout, several DDoS services have found a way to use Plex Media Servers to amplify the junk traffic they fire off toward targets during attacks. The researchers claim that a Plex server, properly utilized, can increase the size of DDoS packets by almost five times, making these attacks much more damaging. There’s not much Plex users can do about it right now, either.

Plex is a media management and streaming program you can install on a computer or NAS box. It catalogs, organizes, and streams your video and audio collection. It can even transcode files in real-time so you can watch them on almost any device via the Plex client. However, Plex is designed to stream media both inside and outside your local network. While you need an account to log in remotely, Plex is still visible on the public internet at port 32414, which it opens via the Simple Service Discovery Protocol (SSDP) on compatible routers.

The attack doesn’t require the attackers to log into your Plex server or install anything on your network. The DDoS simply tricks Plex into pinging the wrong IP address. The server gets packets through the open port that appear to have come from a certain IP address. However, that address is the attacker’s target and not the attacker themselves. Netscout says Plex’s response packets can be as much as 281 bytes in size, which is a 4.68x amplification of the original data.

The name of the game in DDoS attacks is bandwidth. Netscout says that Plex Media SSDP (PMSSDP) attacks can generate 2-3 Gbps of data, which is enough to crash smaller websites and services. It’s possible to reach hundreds of gigabits with multi-vector DDoS attacks and PMSSDP.

Plex Media Servers Being Used to Amplify DDoS Attacks

Plex says it was not alerted to the threat ahead of time, but Netscout says this attack is already in the wild and is even becoming “common.” However, it might have been nice if there was some communication with Plex in advance of publication. Netscout claims there are about 27,000 Plex servers online with PMSSDP.

In the Plex forums, developers say the company is looking into the reports. Some users have suggested manually changing the Plex Media Server remote access port, but that’s a “security through obscurity” play. The only foolproof way to keep your server from amplifying a DDoS right now is to disable remote access altogether or manually configure your router firewall to block all UDP traffic on your Plex port.

Continue reading

NASA’s OSIRIS-REx Asteroid Sample Is Leaking into Space
NASA’s OSIRIS-REx Asteroid Sample Is Leaking into Space

NASA reports the probe grabbed so much regolith from the asteroid that it's leaking out of the collector. The team is now working to determine how best to keep the precious cargo from escaping.

Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR
Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR

Ask anyone who has spent more than a few minutes inside a VR headset, and they'll mention the screen door effect. This could eliminate it for good.

Astronomers Spot Earth-Sized Rogue Planet Wandering the Galaxy
Astronomers Spot Earth-Sized Rogue Planet Wandering the Galaxy

Astronomers have identified more than 4,000 exoplanets orbiting other stars but just a few "rogue planets" wandering the galaxy without a star to call home. A new study claims to have spotted one of these worlds, and it may be a small, rocky world like Earth.

NASA Probe Stows Huge Asteroid Sample for Return to Earth
NASA Probe Stows Huge Asteroid Sample for Return to Earth

Following the recent successful touch and go operation, NASA has reported a sizeable sample of the asteroid has now been locked away in the probe's sample return container.