For instance, I use Plex because I am behind a slow DSL connection. Plex has long been tone deaf to user's needs. Numerous things are ironic about this, but one of them is that the SSDP discovery of the Plex server is highly unreliable and "movie night" often involves rebooting the media player and the server several times. This weekend I am taking down my Plex server even if I don't have jellyfin running at 100%. Plot twist: that's the whole reason someone is doing this: they didn't die a hero, just lived long enough to become the villain. Hopefully now that this is public, the Plex developers actually do something about it. It defeats half the purpose of having a firewall. You're letting any device in your network make any hole it wants in your firewall. It's not really that extreme of an option. Thank you Lee, I just disabled UPNP on my router as a precaution, but it feels like a bit of an extreme step. Part of the problem seems to be that users have been screaming at the Plex developers for a way to disable SSDP for literally years (there are many, many more threads asking similar questions) and so far, the Plex developers have shown the same level of enthusiasm in responding to those requests as they have to basically any other community request for useful features. You might also need to disable GDM and DNLA-it's really difficult to understand what the server-side mitigations are here because even the original security report literally doesn't have any server-side mitigation suggestions. If I'm reading things right, this will prevent your LAN Plex server from auto-negotiating a hole in your firewall and blasting SSDP out everywhere. I think that a partial fix, such as it is, would be to ensure your router does not have UPnP enabled. I would've liked a explanation on how to check is a plex server is configured in a vulnerable way and how to correct it.
0 Comments
Leave a Reply. |