There is not, because this can change from time to time, depending on load and geographical distribution of new Plex users.
However, there is this https://s3-eu-west-1.amazonaws.com/plex-sidekiq-servers-list/sidekiqIPs.txt
(this is linked in this article https://support.plex.tv/articles/200931138-troubleshooting-remote-access/ )
Prefer not to remove access to all my family. What exactly is the risk?
For example I am on a Comcast router, typical security, with udp disabled and no ports forwarded. My remote enable is such that only those I share with have access. Am I at risk?
This is a confusing issue.
But a home user that has SSDP enabled on their router, probably because it came that way from the manufacturer, will be abused by your software and it's "private network only feature".
The problem comes when a Plex Media Server discovers a local router that has SSDP support enabled. When this happens, the Plex Media Server will add a NAT forwarding rule to the router, exposing its Plex Media SSDP (PMSSDP) service directly on the internet on UDP port 32414.
I'm assuming that since the port they are scanning for is 32414, that if your server is manually set to something other than that it will greatly reduce the odds of them hitting you since they probably aren't scanning every port for PLEX servers. Hence the security through obscurity concept. It doesn't rule it out, but if you are looking for bananas and you have a banana hidden in a watermelon, the odds of being found are vastly reduced.
Just to add to the mix;
I believe Google WIFI has this turned on by default.
Rusty on all my network stuff so it might be good to get a list of all routers impacted.
I've turned off my remote connections on my Plex server until I have more time this weekend to look into what's going on.
The risk? If you have a server that's actually participating in a DDoS attack on something significant; your ISP might lock you from the internet if they are actively cooperating with a dedicated blacklist to fix the problem.
Seriously is this such an issue that I have to shutdown the server? Hard to follow what is actually the vulnerability here, some posts seem to imply a private network could be safe, others not so, some say if port forwarding, others say udp… This reads all over the board for the non-network / non-expert types on the subject.
no.
Either set your ports manually (do not use uPnP) or disable remote access.
So, if you have uPnP disabled on your router, does this protect your Plex from being used in a DDoS attack?
Well I have uPnP disabled, I did not set any port manually and my remote access works. So I am unclear why I also need to set ports manually and what exactly to set them to, also seems setting ports is like moving to a new house, does not fix anything just tries to make you less visible.
Well SSDP can not be disabled it appears in the Plex server. This was reported years ago and guess what Plex did? Nothing. Surprised?
Ah the lovely community feedback black hole strikes again. Stop PMS from sending SSDP - DLNA and GDM disabled
So let's see what the Plex has in store.
I know the OP already edited their post with what I would consider, bad information. So at least we have that going for us. Hopefully not too many people followed the original advice which had nothing to do with 32414.
I don't know either, but I trust @OttoKerner - I think it may be to do with only allowing TCP access.
that part isn't so important, but changing them away from 32400 can be helpful (as it is not the standard port and so not the one that will be most likely scanned).
I'm running OPNSense over FIOS and the ONLY way remote access will work here is with UPnP enabled. Not a fan, but I'll be damned if I can get it to work with a manual port forward.
If I am piecing this together right it is the public port that matters. My public address and port are nothing close to the numbers for the private Plex dns and port.
That is why it is an issue for a DMZ or public server then? That sound right?
Setting the port manually (is my understanding) for this particular issue.
Changing the external port number is a good idea generally.
This is where I have certain doubts whether this is actually the case.
To my knowledge, PMS is only using UPnP to request a port forwarding for its native TCP port 32400. Not also for all other ports which should only ever be used in a local network.
I think there are more conditions which need to be met for this issue to occur.
A misconfiguration of the router or a router firmware bug come to mind.
Otherwise we'd see not just ~67.000 affected Plex servers. There are a lot more Plex servers out there (with enabled remote access and using automatically configured port forwardings).
But as mentioned above by @tobiashieta , the matter is currently under investigation.
Until this is done, all we can do is take mitigation steps and speculate a bit.
Thanks, Otto, I am by no means an expert but a critical reading left a lot of questions on the actual nature of the risk and real impact.
My automatic public port isn't 32400 for some reason, so am I good?
We have some really good engineers looking into this right now.
As far as we can understand so far it's not a huge issue for the individual user. But if you host it on an open network you might want to firewall the GDM port.
We will update with our findings as soon as we have it.
Same. My open ports that Plex automatically opened publicly are
21640
13468
26216
All forward to 32400 so presumably I'm OK?
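
The check this thread keeps circling around (which forwards did UPnP actually create on the router, and is any of them UDP to 32414 rather than TCP to 32400), as an added example that is not part of any post here and not Plex's code. The listing layout is assumed to follow miniupnpc's `upnpc -l` output; the sample lines, LAN addresses and the `parse_mappings`/`classify`/`audit` names are constructed for illustration.

```python
import re
from typing import NamedTuple

# Constructed sample: one mapping per line, in the assumed style of the
# listing printed by miniupnpc's `upnpc -l`. The TCP external ports are the
# ones quoted in the thread; the UDP entries and LAN addresses are invented.
SAMPLE = """\
 0 TCP 21640->192.168.1.50:32400 'Plex Media Server' '' 0
 1 TCP 13468->192.168.1.50:32400 'Plex Media Server' '' 0
 2 TCP 26216->192.168.1.50:32400 'Plex Media Server' '' 0
 3 UDP 32414->192.168.1.50:32414 'Plex Media Server' '' 0
 4 UDP 51820->192.168.1.77:51820 'other-device' '' 0
"""

MAPPING = re.compile(r"^\s*\d+\s+(TCP|UDP)\s+(\d+)->([\d.]+):(\d+)\s+'([^']*)'")

class Mapping(NamedTuple):
    proto: str
    ext_port: int
    host: str
    int_port: int
    desc: str

def parse_mappings(text):
    """Return a Mapping for every line that looks like a port-forward entry."""
    out = []
    for line in text.splitlines():
        m = MAPPING.match(line)
        if m:
            out.append(Mapping(m[1], int(m[2]), m[3], int(m[4]), m[5]))
    return out

def classify(m):
    # UDP forwarded to 32414 is the exposure discussed in the thread; the
    # external port number does not matter, only where the forward lands.
    if m.proto == "UDP" and m.int_port == 32414:
        return "EXPOSED"
    # TCP forwarded to 32400 is the normal remote-access mapping.
    if m.proto == "TCP" and m.int_port == 32400:
        return "expected"
    return "review"  # not a Plex remote-access forward: check who asked for it

def audit(text):
    return [(classify(m), m) for m in parse_mappings(text)]

if __name__ == "__main__":
    for verdict, m in audit(SAMPLE):
        print(f"{verdict:8} {m.proto} {m.ext_port} -> {m.host}:{m.int_port} ({m.desc})")
```

A random external port that lands on TCP 32400, as in the posts above, comes out as `expected`; only a UDP forward to 32414 is flagged.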