Plex Media Servers Being Used to Amplify DDoS Attacks

Plex Media Servers Being Used to Amplify DDoS Attacks

A new network security issue is causing headaches for the victims of DDoS attacks. According to security firm Netscout, several DDoS services have found a way to use Plex Media Servers to amplify the junk traffic they fire off toward targets during attacks. The researchers claim that a Plex server, properly utilized, can increase the size of DDoS packets by almost five times, making these attacks much more damaging. There’s not much Plex users can do about it right now, either.

Plex is a media management and streaming program you can install on a computer or NAS box. It catalogs, organizes, and streams your video and audio collection. It can even transcode files in real-time so you can watch them on almost any device via the Plex client. However, Plex is designed to stream media both inside and outside your local network. While you need an account to log in remotely, Plex is still visible on the public internet at port 32414, which it opens via the Simple Service Discovery Protocol (SSDP) on compatible routers.

The attack doesn’t require the attackers to log into your Plex server or install anything on your network. The DDoS simply tricks Plex into pinging the wrong IP address. The server gets packets through the open port that appear to have come from a certain IP address. However, that address is the attacker’s target and not the attacker themselves. Netscout says Plex’s response packets can be as much as 281 bytes in size, which is a 4.68x amplification of the original data.

The name of the game in DDoS attacks is bandwidth. Netscout says that Plex Media SSDP (PMSSDP) attacks can generate 2-3 Gbps of data, which is enough to crash smaller websites and services. It’s possible to reach hundreds of gigabits with multi-vector DDoS attacks and PMSSDP.

Plex Media Servers Being Used to Amplify DDoS Attacks

Plex says it was not alerted to the threat ahead of time, but Netscout says this attack is already in the wild and is even becoming “common.” However, it might have been nice if there was some communication with Plex in advance of publication. Netscout claims there are about 27,000 Plex servers online with PMSSDP.

In the Plex forums, developers say the company is looking into the reports. Some users have suggested manually changing the Plex Media Server remote access port, but that’s a “security through obscurity” play. The only foolproof way to keep your server from amplifying a DDoS right now is to disable remote access altogether or manually configure your router firewall to block all UDP traffic on your Plex port.

Continue reading

Asteroid Bennu Might Be Hollow and Doomed to Crumble
Asteroid Bennu Might Be Hollow and Doomed to Crumble

A new analysis from the University of Colorado Boulder’s OSIRIS-REx team suggests the Bennu is much less stable than expected. In fact, it could completely go to pieces in the coming eons.

Famed Arecibo Observatory Collapses Following Cable Failures
Famed Arecibo Observatory Collapses Following Cable Failures

The National Science Foundation (NSF) previously expressed concern this could happen, which is why it decided last month the dish would be demolished rather than repaired. Gravity took care of that a bit quicker than expected as the 900-ton suspended platform plummeted into the dish overnight, completely destroying the iconic instrument.

Apple Urges Immediate iPhone Update to Block Active Online Hacks
Apple Urges Immediate iPhone Update to Block Active Online Hacks

There's a new version of Apple's iOS software for iPhone and iPad devices, and as usual, Apple is going to start pestering users to update. This time, the nagging for iOS 14.4 comes with a little more urgency.

AMD’s Discrete GPU Sales Bottomed Out in Q4
AMD’s Discrete GPU Sales Bottomed Out in Q4

AMD's market share and total number of GPUs shipped both fell in Q4, but the company's situation may not be as bad as it looks.