Since the SSDP protocol has been known for years to be a perfect vector to amplify the size of a DDoS attack, this makes Plex Media servers a juicy and untapped source of DDoS bots for DDoS-for-hire operations. When this happens, the Plex Media Server will add a NAT forwarding rule to the router, exposing its Plex Media SSDP (PMSSDP) service directly on the internet on UDP port 32414. The problem comes when a Plex Media Server discovers a local router that has SSDP support enabled. Netscout says that when a server/device running a Plex Media Server app is booted and connected to a network, it will start a local scan for other compatible devices via the Simple Service Discovery Protocol (SSDP). Plex Media servers punch a hole in router NATs
The app can be installed on regular web servers or usually ships with network-attached storage (NAS) systems, digital media players, or other types of multimedia-streaming IoT devices.
The company's alert warns owners of devices that ship with Plex Media Server, a web application for Windows, Mac, and Linux that's usually used for video or audio streaming and multimedia asset management.
