A new distributed denial-of-service (DDoS) attack vector has ensnared Plex Media Server systems, using them to amplify malicious traffic against targets and take them offline.
“Plex’s startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks,” Netscout researchers said in a Thursday alert.
Plex Media Server is a personal media library and streaming system that runs on modern Windows, macOS, and Linux operating systems, as well as variants customized for special-purpose platforms such as network-attached storage (NAS) devices and digital media players. The desktop application organizes video, audio, and photos from a user’s library and from online services, allowing users to access the contents and stream them to other compatible devices.
DDoS attacks typically involve flooding a legitimate target with junk network traffic that comes from a large number of devices that have been corralled into a botnet, effectively causing bandwidth exhaustion and leading to significant service disruptions.
A DDoS amplification attack occurs when an attacker sends a number of specially crafted requests to a third-party server, causing it to send large responses to a victim. This is done by spoofing the source IP address so that the requests appear to come from the victim instead of the attacker, resulting in traffic that overwhelms the victim’s resources.
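The same asymmetry gives the operator of an exposed UDP service a way to spot that it is being used as a reflector: one remote address repeatedly sends small requests and draws much larger replies. The sketch below is an added example, not code from the article or from Netscout's alert; the flow records, thresholds and function name are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed flow records as seen at the edge of a network hosting a UDP
# service: (remote IP as claimed in the packet, direction relative to the
# service, UDP payload bytes). Addresses come from documentation ranges and
# the sizes are illustrative, not measurements of any real service.
SAMPLE_FLOWS = (
    [("198.51.100.7", "in", 52), ("198.51.100.7", "out", 260)] * 5   # repeated small request, large reply
    + [("203.0.113.20", "in", 120), ("203.0.113.20", "out", 150)] * 2  # ordinary client
    + [("192.0.2.9", "in", 52), ("192.0.2.9", "out", 260)]             # single probe, too few requests
)


def find_reflection_suspects(flows, min_ratio=3.0, min_requests=3):
    """Return remote IPs whose replies are much larger than their requests.

    A spoofed source address is the victim, so a flagged IP is the likely
    target of the reflected traffic, not the attacker. Thresholds are
    assumptions and need tuning against the service's normal traffic.
    """
    stats = defaultdict(lambda: {"requests": 0, "bytes_in": 0, "bytes_out": 0})
    for remote_ip, direction, size in flows:
        entry = stats[remote_ip]
        if direction == "in":
            entry["requests"] += 1
            entry["bytes_in"] += size
        elif direction == "out":
            entry["bytes_out"] += size
        else:
            raise ValueError(f"unknown direction: {direction!r}")

    suspects = []
    for remote_ip, s in stats.items():
        # Skip peers with too few requests or with replies but no requests.
        if s["requests"] < min_requests or s["bytes_in"] == 0:
            continue
        ratio = s["bytes_out"] / s["bytes_in"]
        if ratio >= min_ratio:
            suspects.append((remote_ip, s["requests"], s["bytes_in"],
                             s["bytes_out"], round(ratio, 2)))
    # Largest outbound volume first: these peers cost the most bandwidth.
    return sorted(suspects, key=lambda row: row[3], reverse=True)


if __name__ == "__main__":
    for row in find_reflection_suspects(SAMPLE_FLOWS):
        print(row)
```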