Plex Media Servers Being Used to Amplify DDoS Attacks

A new network security issue is causing headaches for the victims of DDoS attacks. According to security firm Netscout, several DDoS services have found a way to use Plex Media Servers to amplify the junk traffic they fire off toward targets during attacks. The researchers claim that a Plex server, properly utilized, can increase the size of DDoS packets by almost five times, making these attacks much more damaging. There’s not much Plex users can do about it right now, either.

Plex is a media management and streaming program you can install on a computer or NAS box. It catalogs, organizes, and streams your video and audio collection. It can even transcode files in real-time so you can watch them on almost any device via the Plex client. However, Plex is designed to stream media both inside and outside your local network. While you need an account to log in remotely, Plex is still visible on the public internet at port 32414, which it opens via the Simple Service Discovery Protocol (SSDP) on compatible routers.

The attack doesn’t require the attackers to log into your Plex server or install anything on your network. The DDoS simply tricks Plex into pinging the wrong IP address. The server gets packets through the open port that appear to have come from a certain IP address. However, that address is the attacker’s target and not the attacker themselves. Netscout says Plex’s response packets can be as much as 281 bytes in size, which is a 4.68x amplification of the original data.

The name of the game in DDoS attacks is bandwidth. Netscout says that Plex Media SSDP (PMSSDP) attacks can generate 2-3 Gbps of data, which is enough to crash smaller websites and services. It’s possible to reach hundreds of gigabits with multi-vector DDoS attacks and PMSSDP.

Plex says it was not alerted to the threat ahead of time, but Netscout says this attack is already in the wild and is even becoming “common.” However, it might have been nice if there had been some communication with Plex in advance of publication. Netscout claims there are about 27,000 Plex servers online with PMSSDP.

In the Plex forums, developers say the company is looking into the reports. Some users have suggested manually changing the Plex Media Server remote access port, but that’s a “security through obscurity” play. The only foolproof way to keep your server from amplifying a DDoS right now is to disable remote access altogether or manually configure your router firewall to block all UDP traffic on your Plex port.
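
As an added example (not code from Netscout or Plex), the Python check below reads router flow records and flags a LAN host that answers a burst of UDP requests on port 32414 with far more bytes than it received, which is the reflection pattern described above. The flow-record layout, the LAN range, the sample records and both thresholds are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

PLEX_UDP_PORT = 32414                          # port named in the article
LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed home LAN range

# Constructed flow records: src sport dst dport proto packets bytes
SAMPLE_FLOWS = """\
203.0.113.50 40000 192.168.1.20 32414 udp 500 30000
192.168.1.20 32414 203.0.113.50 40000 udp 500 140500
198.51.100.7 51000 192.168.1.20 32414 udp 1 60
192.168.1.20 32414 198.51.100.7 51000 udp 1 281
192.168.1.20 51514 198.51.100.9 443 tcp 40 52000
"""

def find_reflection(text, min_requests=100, min_ratio=2.0):
    """Return (server, apparent_source, requests, out/in byte ratio) tuples.

    With spoofed requests the 'apparent source' is the DDoS target, so a
    finding means the server is sending amplified replies at that address.
    """
    # (server, peer) -> [request packets, bytes in, bytes out]
    stats = defaultdict(lambda: [0, 0, 0])
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto, pkts, size = line.split()
        if proto != "udp":
            continue
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if dst_ip in LAN and src_ip not in LAN and int(dport) == PLEX_UDP_PORT:
            entry = stats[(dst, src)]          # external request to the server
            entry[0] += int(pkts)
            entry[1] += int(size)
        elif src_ip in LAN and dst_ip not in LAN and int(sport) == PLEX_UDP_PORT:
            stats[(src, dst)][2] += int(size)  # server's reply leaving the LAN
    findings = []
    for (server, peer), (reqs, b_in, b_out) in sorted(stats.items()):
        if reqs >= min_requests and b_in and b_out / b_in >= min_ratio:
            findings.append((server, peer, reqs, round(b_out / b_in, 2)))
    return findings

if __name__ == "__main__":
    for server, peer, reqs, ratio in find_reflection(SAMPLE_FLOWS):
        print(f"{server} sent {ratio}x replies to {peer} ({reqs} requests)")
```

A finding here is a prompt to apply the firewall block or disable remote access as described above; a single request and reply, like the second peer in the sample, stays below the request threshold.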
