Security News > 2021 > February > Plex Media Server Abused for DDoS Attacks
Malicious actors have been abusing Plex Media Server to amplify distributed denial-of-service attacks, according to application and network performance management company Netscout.
A popular personal media library and streaming solution, Plex Media Server can be used on Windows, macOS, and Linux systems to stream content, including content held on network-attached storage devices, RAID storage, and the like.
Once Plex has identified a UPnP gateway, it attempts to set dynamic NAT forwarding rules on the router, which exposes a Plex UPnP-enabled service registration responder to the Internet and thereby enables DDoS reflection and amplification.
"Observed single-vector PMSSDP reflection/amplification DDoS attacks to date range in size from ~2 Gbps - ~3 Gbps; multi-vector and omni-vector attacks incorporating PMSSDP range from the low tens of Gbps up to 218 Gbps," Netscout notes.
NETSCOUT did not warn Plex of the issue prior to public disclosure, but the company is now preparing a simple patch to increase the protection of accidentally exposed servers, a Plex spokesperson told SecurityWeek via email.
"This issue appears to be limited to a small number of media server owners who have misconfigured their firewalls by allowing UDP traffic on device-discovery ports from the public internet to reach their servers, and our current understanding is that it does not allow an attacker to compromise any Plex user's device security or privacy," the spokesperson added.
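The exposure described above comes down to UDP forwarding rules on the router, so one defensive check is to list the gateway's port mappings and flag any UDP forward that reaches a Plex discovery port. The Python below is an added example, not code from Netscout, Plex or SecurityWeek; it assumes a listing in the style printed by miniupnpc's `upnpc -l`, and it takes the discovery port numbers (32410, 32412, 32413, 32414) from Plex's firewall guidance, since the article names none.

```python
import re
from typing import NamedTuple

# Assumption: Plex's GDM discovery ports as listed in Plex's firewall guidance;
# the article itself names no port numbers.
PLEX_DISCOVERY_UDP_PORTS = {32410, 32412, 32413, 32414}

# Assumption: one mapping per line in the style printed by `upnpc -l`:
#   index PROTO extPort->intHost:intPort 'description' 'remoteHost' lease
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->(?P<host>[\d.]+):(?P<int>\d+)"
    r"\s+'(?P<desc>[^']*)'"
)

class Mapping(NamedTuple):
    proto: str
    external_port: int
    internal_host: str
    internal_port: int
    description: str

def parse_mappings(listing: str) -> list[Mapping]:
    """Extract port mappings from a gateway listing, skipping other lines."""
    found = []
    for line in listing.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            found.append(Mapping(m["proto"], int(m["ext"]), m["host"],
                                 int(m["int"]), m["desc"]))
    return found

def exposed_discovery_mappings(mappings: list[Mapping]) -> list[Mapping]:
    """Return UDP forwards that publish a discovery port to the internet."""
    return [m for m in mappings
            if m.proto == "UDP" and m.internal_port in PLEX_DISCOVERY_UDP_PORTS]

# Constructed sample listing (not captured from a real router).
SAMPLE = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 32400->192.168.1.20:32400 'Plex Media Server' '' 0
 1 UDP 32414->192.168.1.20:32414 'Plex Media Server' '' 0
 2 UDP 51820->192.168.1.5:51820 'wireguard' '' 3600
 3 UDP 40000->192.168.1.20:32410 'Plex Media Server' '' 0
"""

if __name__ == "__main__":
    for m in exposed_discovery_mappings(parse_mappings(SAMPLE)):
        print(f"remove: UDP {m.external_port} -> {m.internal_host}:{m.internal_port}")
```

The check matches on the internal port rather than the external one, so a forward that remaps a discovery port to a different public port number is still reported.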
News URL
http://feedproxy.google.com/~r/Securityweek/~3/yKlHDBxWrdg/plex-media-server-abused-ddos-attacks