SSDP is used by some consumer-level equipment for network discovery. It does not have any real use on public servers and is used for reflection DDoS attacks on dedicated servers.
On Windows machines, SSDP is run through the ‘SSDP Discovery’ service. To disable this:
- Click Start, type ‘services.msc’
- Find the SSDP service, right-click it, and choose Properties
- Change ‘Startup Type’ to Disabled
- Click ‘Stop’
- Click OK
On Linux machines, SSDP is generally run through some type of UPNP server. The exact one varies significantly.
For Linux, we suggest blocking this with an iptables rule, such as:
iptables -I INPUT 1 -p udp -m udp –dport 1900 -j DROP