SERVER-OTHER -- Snort has detected traffic exploiting vulnerabilities in a server in the network.
SERVER-OTHER SSDP M-SEARCH ssdp-all potential amplified distributed denial-of-service attempt
This event is generated when an external Simple Service Discovery Protocol (SSDP) M-SEARCH request with an ST field of "ssdp:all" is detected in the internal network environment. This detection flags a known option used in distributed denial-of-service attacks and warns that this behavior from outside the network is risky.
Impact: Attempted Denial of Service
Details: SSDP has two generic Search Target (ST) types used in conjunction with the M-SEARCH query: upnp:rootdevice and ssdp:all. The latter option searches for all devices running UPnP and elicits large responses from them.
Ease of Attack: Simple. Techniques are available to execute this type of attack.
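The condition described above can be checked offline against captured UDP payloads. The following is an added example, not the Snort rule itself or Talos code: it parses an SSDP M-SEARCH request and flags an ST of ssdp:all from a source outside the internal ranges. The RFC 1918 ranges used as "internal", the function names and the sample datagrams are assumptions made for illustration.

```python
import ipaddress

# Assumption: RFC 1918 ranges stand in for the protected internal network.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_msearch(payload):
    """Return the headers of an SSDP M-SEARCH request, or None if it is not one."""
    try:
        lines = payload.decode("ascii").split("\r\n")
    except UnicodeDecodeError:
        return None
    if lines[0].split() != ["M-SEARCH", "*", "HTTP/1.1"]:
        return None
    headers = {}
    for line in lines[1:]:
        if not line:          # blank line ends the header block
            break
        name, sep, value = line.partition(":")   # split on the first colon only
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers

def is_external(src_ip):
    addr = ipaddress.ip_address(src_ip)
    return not any(addr in net for net in INTERNAL_NETS)

def classify(src_ip, payload):
    """'alert' for an external M-SEARCH with ST ssdp:all, else 'ok' or 'not-msearch'."""
    headers = parse_msearch(payload)
    if headers is None:
        return "not-msearch"
    if headers.get("ST", "").lower() == "ssdp:all" and is_external(src_ip):
        return "alert"
    return "ok"

# Constructed sample datagrams (UDP payloads); addresses are documentation/private ranges.
_BASE = 'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\nMX: 2\r\n'
SAMPLES = [
    ("203.0.113.7", (_BASE + "ST: ssdp:all\r\n\r\n").encode()),
    ("203.0.113.7", (_BASE + "ST: upnp:rootdevice\r\n\r\n").encode()),
    ("192.168.1.20", (_BASE + "ST: ssdp:all\r\n\r\n").encode()),
    ("203.0.113.7", b"NOTIFY * HTTP/1.1\r\nNT: upnp:rootdevice\r\n\r\n"),
]

if __name__ == "__main__":
    for src, data in SAMPLES:
        print(src, classify(src, data))
```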
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2013-5211