Plex Media Server Vulnerability?



Feb 6, 2021 - New DDoS Plex Media Server Vulnerability?

Seems to be a number of recent news posts, like this one, that PLEX Media Server is enabling distributed denial-of-service (DDoS) attacks across a number of vulnerable servers/systems. My understanding is that this is as much a network configuration issue as a PLEX software issue, as it seems to rely on exploiting router port configuration (32400-32414) vulnerabilities. As PLEX is configured, users often enable external (internet) access to media (movies, music, etc.) from their server to other external devices (iPhones, tablets, etc.) through the configuration process, when using protocols like Universal Plug and Play (UPnP). UPnP allows systems on the same network (Server->Router) to seek each other out and share file access. UPnP often uses Simple Service Discovery Protocol (SSDP) in order to do this.

 

This is apparently where external hackers/attackers take advantage by leveraging the exposed SSDP in DDoS amplification attacks on the specific router ports. I don't understand all the dynamics of it, and am looking for that and other insights - especially when it comes to unRAID and PLEX interacting.

 

My questions are:

 0) Should I be concerned? (I temporarily stopped/took my PLEX docker server offline on my unRAID server, and closed the port on my router. Am also on Verizon FIOS - so not sure if they are "intercepting" the DDoS within their network?)

 1) Anyone seen artifacts of a DDoS like this on their unRAID systems (either in VM or Dockers?)

 2) Anyone know if the vulnerability would likely exist with port forwarding typically seen with most home routers and a PLEX (unRAID) Server? Would/Could other local networked systems be compromised? How would you tell (on unRAID or other)?

 3) Would PLEX Media Server be more or less (or equally) vulnerable as a VM or as a Docker on unRAID?

 4) PLEX said they would be issuing a patch in the next few days, any idea how long that would take to propagate into the Docker versions that are in the Community Distributions in unRAID?

 

Thanks for reading, and thanks especially to anyone more knowledgeable than me who can provide additional insight and knowledge. It's greatly appreciated, and this forum is great - thanks to those who share information, and help keep it running!

Edited by rollieindc
minor typo & unraid clarification
19 minutes ago, rollieindc said:

when using protocols like universal plug and play (UPnP)

I have always disabled UPnP on my router and do manual port forwards as needed.  UPnP has been prone to security issues and other problems that just don't make it worth using for me.  I can do what I need to do manually without UPnP.
