Strengthening XFINITY Internet Security By Preventing SSDP Abuse
We are continuously working to protect the privacy and security of Xfinity Internet customers, and one of the ways we do that is by blocking Internet “ports” that are commonly used for malicious traffic. This week we began blocking the Simple Service Discovery Protocol (SSDP), which uses port 1900/UDP, in our DOCSIS network. This will help prevent a type of attack known as a reflection attack that abuses SSDP, and it is similar to the action we took on SNMP a few years ago.
SSDP is part of the Universal Plug and Play (UPnP) protocol and is used for discovering and connecting to other UPnP-enabled devices inside the home network. Unfortunately, vulnerabilities or misconfiguration in home routers or UPnP-enabled devices can expose SSDP outside the home network. There is no legitimate use for SSDP outside of the local network.
SSDP-based reflection attacks can lead to degraded performance and reduced speeds for customers. In such an attack, an attacker spoofs the source IP address and uses customer devices as reflectors to target other providers and their customers. Today’s action will block these kinds of attacks.
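To make the exposure described above concrete, here is an added example (not Comcast's code) that scans flow records for the two symptoms of an exposed SSDP responder: discovery queries arriving at UDP/1900 from outside the home network, and replies leaving UDP/1900 toward non-local addresses, which is the reflection traffic the port block stops. The record format, addresses and packet sizes are constructed for the example.

```python
import ipaddress
from collections import defaultdict

SSDP_PORT = 1900

# Address ranges that belong inside a home network (RFC 1918, link-local,
# loopback and multicast). Anything else is treated as "outside".
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "127.0.0.0/8", "224.0.0.0/4",
)]

# Constructed sample flows (src_ip, src_port, dst_ip, dst_port, bytes).
# 198.51.100.x and 203.0.113.x are documentation addresses standing in for
# hosts on the public Internet.
SAMPLE_FLOWS = [
    ("192.168.1.10", 1900, "192.168.1.20", 50123, 340),    # normal in-LAN reply
    ("192.168.1.30", 52000, "239.255.255.250", 1900, 120), # normal LAN multicast M-SEARCH
    ("198.51.100.7", 43000, "192.168.1.10", 1900, 90),     # query arriving from outside
    ("192.168.1.10", 1900, "203.0.113.5", 80, 340),        # replies leaving the LAN:
    ("192.168.1.10", 1900, "203.0.113.5", 80, 340),        # the spoofed "source" is the
    ("192.168.1.10", 1900, "203.0.113.5", 80, 340),        # real victim of the reflection
]


def is_local(ip):
    """True if the address falls inside one of the home-network ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)


def find_exposed_ssdp(flows):
    """Return (inbound_queries, outbound_replies).

    inbound_queries: list of (external_src, lan_dst) for UDP/1900 traffic
                     coming from outside the local network.
    outbound_replies: {(lan_src, external_dst): {"packets", "bytes"}} for
                      traffic sent *from* UDP/1900 to non-local addresses.
    """
    inbound = []
    outbound = defaultdict(lambda: {"packets": 0, "bytes": 0})
    for src, sport, dst, dport, size in flows:
        if dport == SSDP_PORT and not is_local(src):
            inbound.append((src, dst))
        if sport == SSDP_PORT and not is_local(dst):
            outbound[(src, dst)]["packets"] += 1
            outbound[(src, dst)]["bytes"] += size
    return inbound, dict(outbound)


if __name__ == "__main__":
    queries, replies = find_exposed_ssdp(SAMPLE_FLOWS)
    print("external queries to UDP/1900:", queries)
    print("SSDP replies sent off-network:", replies)
```

Either list being non-empty indicates a device whose UPnP/SSDP service is reachable from the Internet and should be firewalled at the WAN side.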
We will be blocking the SSDP port 1900/UDP for all residential Internet customers. This will not only protect Comcast customers, but also help prevent others on the Internet from becoming victims of SSDP reflection attacks.