Giters

marsalans / badupnp

Web service to test if SSDP/UPnP is exposed to the internet

Home Page:https://badupnp.benjojo.co.uk

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

badupnp

This is a simple web service that tests if the viewer is running a router that is responding to UPnP / SSDP on the internet. This is bad because UPnP returns many more packets than the requesting system sends it, combined with UDP as a transport, it makes it a protocol ripe for abuse for DDoS reflection.

This tool was written for the Cloudflare blog post: https://blog.cloudflare.com/ssdp-100gbps/

Example systemd units:

[Service]
ExecStart=/usr/bin/badupnp
Restart=always
StandardOutput=syslog
StandardError=syslog
SyslogIdentifier=badupnp
User=root
WorkingDirectory=/usr/local/badupnp/
RestartSec=10s

[Install]
WantedBy=multi-user.target

Example lighttpd reverse proxy info:

# ensure you have mod_proxy loaded

$HTTP["host"] == "badupnp.benjojo.co.uk" {
    proxy.server  = ( "" => ( (
            "host" => "127.0.0.1",
            "port" => 753
    ) ) )
}

About

Web service to test if SSDP/UPnP is exposed to the internet

https://badupnp.benjojo.co.uk

Languages

Language:Makefile 35.9%Language:Go 22.0%Language:JavaScript 18.4%Language:HTML 16.9%Language:CSS 6.9%