rollieindc
Posted February 7, 2021 (edited)

Feb 6, 2021 - New DDoS Plex Media Server Vulnerability?

Seems to be a number of recent news posts, like this one, that PLEX Media Server is enabling distributed denial-of-service (DDoS) attacks across a number of vulnerable servers/systems. My understanding is that this is as much a network configuration issue as a PLEX software issue, as it seems to rely on exploiting router port configuration (32400-32414) vulnerabilities.

As PLEX is configured, users often enable external (internet) access to media (movies, music, etc.) from one of their servers to other external devices (iPhones, tablets, etc.) through the configuration process, when using protocols like universal plug and play (UPnP). UPnP allows systems on the same network (Server->Router) to seek each other out and share file access. UPnP often uses simple service discovery protocol (SSDP) in order to do this. This is apparently where external hackers/attackers take advantage by leveraging the exposed SSDP in DDoS amplification attacks in the specific router ports.

I don't understand all the dynamics of it, and am looking for that and other insights - especially where it comes to unRAID and PLEX interacting.

My questions are:

0) Should I be concerned? (I temporarily stopped/took my PLEX docker server offline on my unRAID server, and closed the port on my router. Am also on Verizon FIOS - so not sure if they are "intercepting" the DDoS within their network?)
1) Anyone seen artifacts of a DDoS like this on their unRAID systems (either in VM or Dockers)?
2) Anyone know if the vulnerability would likely exist with port forwarding typically seen with most home routers and a PLEX (unRAID) Server? Would/Could other local networked systems be compromised? How would you tell (on unRAID or other)?
3) Would PLEX Media Server be more or less (or equally) vulnerable as a VM or as a Docker on unRAID?
4) PLEX said they would be issuing a patch in the next few days. Any idea how long that would take to propagate into the Docker versions that are in the Community Distributions in unRAID?

Thanks for reading, and thanks especially for anyone more knowledgeable than me to provide additional insight and knowledge. It's greatly appreciated, and this forum is great - thanks to those who share information, and help keep it running!

Edited February 7, 2021 by rollieindc: minor typo & unraid clarification
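
On the "How would you tell?" question, one check is to list the router's active UPnP port mappings and flag any that forward the 32400-32414 range named in the post. The script below is an added example, not part of the original post: it assumes the listing has the line shape that miniupnpc's `upnpc -l` prints, the sample listing is constructed, and the names `parse_mappings` and `review` are hypothetical.

```python
import re

# Port range named in the post as the exposed Plex router ports.
PLEX_PORTS = range(32400, 32415)

# Assumed line shape of a UPnP mapping listing (as from `upnpc -l`):
#   <index> <PROTO> <extPort>-><inAddr>:<inPort> '<description>' ...
MAPPING_RE = re.compile(
    r"^\s*\d+\s+(?P<proto>TCP|UDP)\s+(?P<ext>\d+)->"
    r"(?P<addr>[\d.]+):(?P<inport>\d+)(?:\s+'(?P<desc>[^']*)')?"
)

# Constructed sample listing, not captured from a real router.
SAMPLE_LISTING = """\
 i protocol exPort->inAddr:inPort description remoteHost leaseTime
 0 TCP 32400->192.168.1.50:32400 'Plex Media Server' '' 0
 1 UDP 32410->192.168.1.50:32410 'Plex Media Server' '' 0
 2 UDP 32414->192.168.1.50:32414 'Plex Media Server' '' 0
 3 TCP 8443->192.168.1.20:443 'unrelated service' '' 0
"""

def parse_mappings(text):
    """Return one dict per mapping line; header and junk lines are skipped."""
    mappings = []
    for line in text.splitlines():
        m = MAPPING_RE.match(line)
        if m:
            mappings.append({
                "proto": m["proto"], "ext": int(m["ext"]),
                "addr": m["addr"], "inport": int(m["inport"]),
                "desc": m["desc"] or "",
            })
    return mappings

def review(mappings):
    """Flag forwards touching the Plex range. UDP forwards are the ones
    relevant to SSDP amplification (SSDP runs over UDP); TCP forwards in
    the range are listed for review only."""
    findings = []
    for m in mappings:
        if m["ext"] in PLEX_PORTS or m["inport"] in PLEX_PORTS:
            level = "udp-exposed" if m["proto"] == "UDP" else "review"
            findings.append((level, m["proto"], m["ext"], m["addr"]))
    return findings

if __name__ == "__main__":
    for level, proto, port, addr in review(parse_mappings(SAMPLE_LISTING)):
        print(f"{level:12} {proto} {port} -> {addr}")
```

Feed it the live listing from the router in place of `SAMPLE_LISTING`; an empty result means no UPnP mapping currently forwards that port range.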