You see this notification on the Trend Micro Home Network Security app:
Simple Service Discovery Protocol (SSDP) Reflection Denial of Service Vulnerability
Why did this happen?
This vulnerability exploits by the attackers to make use of the Universal Plug and Play (UPnP) networking protocols in order to send an amplified amount of traffic to a targeted victim, overwhelming the target’s infrastructure and taking their web resource offline.
What are its risks?
This vulnerability allows the attacker to retrieve information about the plug-and-play devices that can be utilized as amplification factors. The attacker uses a botnet to send a spoofed discovery packet to each plug-and-play devices with a request for as much data as possible. The victim will receive a large volume of traffic from all the devices and becomes overwhelmed, potentially resulting in a denial-of-service to legitimate traffic.
What should I do next?
- Download the latest update from your router’s website. Show me how.
- Allow only trusted users access your network.
- Change the default password of the router and create a much stronger password. Check your router’s manual or handbook for the instructions on changing your router’s password. Show me how.
- For network administrators, block incoming UDP traffic on port 1900 at the Firewall. Filtering traffic from this port will be able to mitigate the attack.
Am I protected?
Trend Micro customers are currently protected from this vulnerability.
Rule ID: 1133463
What if I have more questions?
For more information, check out these pages:
