gbrandtechuttyler used Ask the Experts™
I am seeing quite a bit of UPnP and SSDP traffic on my edge router. Is there any good reason why I should not block that traffic or shut off the service from generating the traffic on an enterprise network?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2015

Maybe use enterprise policies to shut it off near the source first?
UPnP SSDP M-SEARCH requests can be used to search a network for UPNP devices. These requests can be distributed across multiple responses from multiple hosts, and because it utilizes UDP, this can be used to conduct traffic amplification attacks against other assets, typically in the form of distributed reflected denial of service (DRDoS) attacks. Please block the traffic unless you specifically want the search ability open.


My only hesitation is that I don't know what else besides network discovery depends on these protocols.
Thanks for the grade. Hope you're able to handle anything that may come up.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial