Plex Media Servers Being Used to Amplify DDoS Attacks

Plex Media Servers Being Used to Amplify DDoS Attacks

A new network security issue is causing headaches for the victims of DDoS attacks. According to security firm Netscout, several DDoS services have found a way to use Plex Media Servers to amplify the junk traffic they fire off toward targets during attacks. The researchers claim that a Plex server, properly utilized, can increase the size of DDoS packets by almost five times, making these attacks much more damaging. There’s not much Plex users can do about it right now, either.

Plex is a media management and streaming program you can install on a computer or NAS box. It catalogs, organizes, and streams your video and audio collection. It can even transcode files in real-time so you can watch them on almost any device via the Plex client. However, Plex is designed to stream media both inside and outside your local network. While you need an account to log in remotely, Plex is still visible on the public internet at port 32414, which it opens via the Simple Service Discovery Protocol (SSDP) on compatible routers.

The attack doesn’t require the attackers to log into your Plex server or install anything on your network. The DDoS simply tricks Plex into pinging the wrong IP address. The server gets packets through the open port that appear to have come from a certain IP address. However, that address is the attacker’s target and not the attacker themselves. Netscout says Plex’s response packets can be as much as 281 bytes in size, which is a 4.68x amplification of the original data.

The name of the game in DDoS attacks is bandwidth. Netscout says that Plex Media SSDP (PMSSDP) attacks can generate 2-3 Gbps of data, which is enough to crash smaller websites and services. It’s possible to reach hundreds of gigabits with multi-vector DDoS attacks and PMSSDP.

Plex Media Servers Being Used to Amplify DDoS Attacks

Plex says it was not alerted to the threat ahead of time, but Netscout says this attack is already in the wild and is even becoming “common.” However, it might have been nice if there was some communication with Plex in advance of publication. Netscout claims there are about 27,000 Plex servers online with PMSSDP.

In the Plex forums, developers say the company is looking into the reports. Some users have suggested manually changing the Plex Media Server remote access port, but that’s a “security through obscurity” play. The only foolproof way to keep your server from amplifying a DDoS right now is to disable remote access altogether or manually configure your router firewall to block all UDP traffic on your Plex port.

Continue reading

Intel’s Desktop TDPs No Longer Useful to Predict CPU Power Consumption
Intel’s Desktop TDPs No Longer Useful to Predict CPU Power Consumption

Intel's higher-end desktop CPU TDPs no longer communicate anything useful about the CPUs power consumption under load.

Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption
Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption

The Oculus Quest 2 is now available, and it's an improvement over the original in every way that matters. And yet, it's $100 less expensive than the last release. Having spent some time with the Quest 2, I believe we might look back on it as the headset that finally made VR accessible to mainstream consumers.

AMD May Allow Custom RX 6900 XT Cards, Launch Stock May Be Limited
AMD May Allow Custom RX 6900 XT Cards, Launch Stock May Be Limited

There are rumors that Nvidia may not be the only company facing production shortages this holiday season. High-end GPUs might just be very hard to find in general.

Intel Launches New Xe Max Mobile GPUs for Entry-Level Content Creators
Intel Launches New Xe Max Mobile GPUs for Entry-Level Content Creators

Intel has launched a new consumer, mobile GPU — but it's got a very specific use-case, at least for now.