HOME

TheInfoList



Click Here for Items Related To - Simple Service Discovery Protocol
OR:
Simple Service Discovery Protocol on:   [Wikipedia]   [Google]   [Amazon]

The Simple Service Discovery Protocol (SSDP) is a
network protocol A communication protocol is a system of rules that allows two or more entities of a communications system to transmit information via any variation of a physical quantity. The protocol defines the rules, syntax, semantics, and synchronization of ...
based on the
Internet protocol suite The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suite are ...
for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as
Dynamic Host Configuration Protocol The Dynamic Host Configuration Protocol (DHCP) is a network protocol, network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the netw ...
(DHCP) or
Domain Name System The Domain Name System (DNS) is a hierarchical and distributed name service that provides a naming system for computers, services, and other resources on the Internet or other Internet Protocol (IP) networks. It associates various information ...
(DNS), and without special static configuration of a network host. SSDP is the basis of the discovery protocol of Universal Plug and Play (UPnP) and is intended for use in residential or small office environments. It was formally described in an IETF Internet Draft by
Microsoft Microsoft Corporation is an American multinational corporation and technology company, technology conglomerate headquartered in Redmond, Washington. Founded in 1975, the company became influential in the History of personal computers#The ear ...
and
Hewlett-Packard The Hewlett-Packard Company, commonly shortened to Hewlett-Packard ( ) or HP, was an American multinational information technology company. It was founded by Bill Hewlett and David Packard in 1939 in a one-car garage in Palo Alto, California ...
in 1999. Although the IETF proposal has since expired (April, 2000), SSDP was incorporated into the UPnP protocol stack, and a description of the final implementation is included in UPnP standards documents.


Protocol transport and addressing

SSDP is a text-based protocol based on HTTPU, which uses UDP as the underlying transport protocol. Services are announced by the hosting system with
multicast In computer networking, multicast is a type of group communication where data transmission is addressed to a group of destination computers simultaneously. Multicast can be one-to-many or many-to-many distribution. Multicast differs from ph ...
addressing to a specifically designated
IP multicast IP multicast is a method of sending Internet Protocol (IP) datagrams to a group of interested receivers in a single transmission. It is the IP-specific form of multicast and is used for streaming media and other network applications. It uses speci ...
address at UDP
port number In computer networking, a port is a communication endpoint. At the software level within an operating system, a port is a logical construct that identifies a specific process or a type of network service. A port is uniquely identified by a numbe ...
1900. In
IPv4 Internet Protocol version 4 (IPv4) is the first version of the Internet Protocol (IP) as a standalone specification. It is one of the core protocols of standards-based internetworking methods in the Internet and other packet-switched networks. ...
, the multicast address is and SSDP over
IPv6 Internet Protocol version 6 (IPv6) is the most recent version of the Internet Protocol (IP), the communication protocol, communications protocol that provides an identification and location system for computers on networks and routes traffic ...
uses the address set for all scope ranges indicated by . This results in the following ''well-known'' practical multicast addresses for SSDP: * (IPv4 site-local address) * (IPv6 link-local) * (IPv6 site-local) Additionally, applications may use the source-specific multicast addresses derived from the local IPv6 routing prefix, with group ID ''c'' (decimal 12). SSDP uses the HTTP method ''NOTIFY'' to announce the establishment or withdrawal of services (presence) information to the multicast group. A client that wishes to discover available services on a network uses method ''M-SEARCH''. Responses to such search requests are sent via unicast addressing to the originating address and port number of the multicast request. Microsoft's IPv6 SSDP implementations in
Windows Media Player Windows Media Player (WMP, officially referred to as Windows Media Player Legacy to retronym, distinguish it from Windows Media Player (2022), the new Windows Media Player introduced with Windows 11) is the first media player (application soft ...
and Server use the link-local scope address. Microsoft uses port number 2869 for event notification and event subscriptions. However, early implementations of SSDP also used port 5000 for this service.


DDoS attack

In 2014 it was discovered that SSDP was being used in
DDoS In computing, a denial-of-service attack (DoS attack) is a cyberattack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host co ...
attacks known as an ''SSDP reflection attack with amplification''. Many devices, including some residential routers, have a vulnerability in the UPnP software that allows an attacker to get replies from port number 1900 to a destination address of their choice. With a
botnet A botnet is a group of Internet-connected devices, each of which runs one or more Internet bot, bots. Botnets can be used to perform distributed denial-of-service attack, distributed denial-of-service (DDoS) attacks, steal data, send Spamming, sp ...
of thousands of devices, the attackers can generate sufficient packet rates and occupy bandwidth to saturate links, causing the denial of services. The network company
Cloudflare Cloudflare, Inc., is an American company that provides content delivery network services, cybersecurity, DDoS mitigation, wide area network services, reverse proxies, Domain Name Service, ICANN-accredited domain registration, and other se ...
has described this attack as the "Stupidly Simple DDoS Protocol".


Firefox vulnerability

Firefox for Android prior to version 79 did not properly validate the schema of the
URL A uniform resource locator (URL), colloquially known as an address on the Web, is a reference to a resource that specifies its location on a computer network and a mechanism for retrieving it. A URL is a specific type of Uniform Resource Identi ...
received in SSDP and were vulnerable to remote code execution. An attacker on the same network could create a malicious server pretending to be a device supporting casting, but instead of a configuration file it would return an intent:// URL. Firefox would launch the intent (if it was supported by the device) and thus would execute arbitrary code. This is not a bug with SSDP, just an improper validation performed by Firefox casting service.


See also

* Service Location Protocol * Jini * Zero-configuration networking *
Neighbor Discovery Protocol The Neighbor Discovery Protocol (NDP), or simply Neighbor Discovery (ND), is a protocol of the Internet protocol suite used with Internet Protocol Version 6 (IPv6). It operates at the internet layer of the Internet model, and is responsible for ...
* Discovery and Launch * WS-Discovery


References

{{reflist Windows communication and services Application layer protocols Service discovery protocols