Editing Simple Service Discovery Protocol

{{short description|Network protocol}}
{{Infobox networking protocol
| title        = Simple Service Discovery Protocol
| logo         = 
| logo alt     = 
| image        = 
| image alt    = 
| caption      = 
| is stack     = 
| abbreviation = SSDP
| purpose      = 
| developer    = [[Microsoft]], [[Hewlett-Packard]]
| date         = {{Start date and age|    |  |  }}<!--Fill in: Year (4 digits), month and day (2 digits)-->
| based on     = 
| influenced   = 
| osilayer     = 
| ports        = 
| rfcs         = 
| hardware     = 
}}
{{IPstack}}

The '''Simple Service Discovery Protocol''' ('''SSDP''') is a [[network protocol]] based on the [[Internet protocol suite]] for advertisement and discovery of network services and presence information. It accomplishes this without assistance of server-based configuration mechanisms, such as [[Dynamic Host Configuration Protocol]] (DHCP) or [[Domain Name System]] (DNS), and without special static configuration of a network host. SSDP is the basis of the discovery protocol of [[Universal Plug and Play]] (UPnP) and is intended for use in residential or small office environments. It was formally described in an [[IETF Internet Draft]] by [[Microsoft]] and [[Hewlett-Packard]] in 1999. Although the IETF proposal has since expired (April, 2000),<ref>[https://tools.ietf.org/html/draft-cai-ssdp-v1-03 IETF draft revision 3] (outdated and expired)</ref> SSDP was incorporated into the UPnP protocol stack, and a description of the final implementation is included in UPnP standards documents.<ref name="uda-v1.0">{{Cite web |date=2008-10-15 |title=UPnP Device Architecture v1.0 |url=http://upnp.org/specs/arch/UPnP-arch-DeviceArchitecture-v1.0.pdf |website=upnp.org |publisher=UPnP Forum}}</ref><ref name="uda-v1.1">{{Cite web |date=2008-10-15 |title=UPnP Device Architecture v1.1 |url=https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v1.1.pdf |website=openconnectivity.org |publisher=UPnP Forum}}</ref><ref name="uda-v2.0">{{Cite web |date=2020-04-17 |title=UPnP Device Architecture v2.0 |url=https://openconnectivity.org/upnp-specs/UPnP-arch-DeviceArchitecture-v2.0-20200417.pdf |website=openconnectivity.org |publisher=[[Open Connectivity Foundation|OCF]]}}</ref>

==Protocol transport and addressing==
SSDP is a text-based protocol based on [[HTTPU]], which uses [[User Datagram Protocol|UDP]] as the underlying transport protocol. Services are announced by the hosting system with [[multicast]] addressing to a specifically designated [[IP multicast]] address at UDP [[port number]] 1900. In [[IPv4]], the multicast address is {{IPaddr|239.255.255.250}}<ref>{{cite web|url=https://www.iana.org/assignments/multicast-addresses/|title=Internet Multicast Addresses|publisher=IANA|date=2010-06-22}}</ref> and SSDP over [[IPv6]] uses the address set {{IPaddr|ff0x::c}} for all scope ranges indicated by {{var|x}}.<ref>{{cite web|url=https://www.iana.org/assignments/ipv6-multicast-addresses/|title=Internet Protocol Version 6 Multicast Addresses|publisher=IANA|access-date=2010-08-10}}</ref>

This results in the following ''well-known'' practical multicast addresses for SSDP:
* {{IPaddr|239.255.255.250}} (IPv4 site-local address)
* {{IPaddr|ff02::c}} (IPv6 [[Link-local address|link-local]])
* {{IPaddr|ff05::c}} (IPv6 site-local)
Additionally, applications may use the source-specific multicast addresses derived from the local IPv6 routing prefix, with group ID ''c'' (decimal 12).

SSDP uses the HTTP method ''NOTIFY'' to announce the establishment or withdrawal of services (presence) information to the multicast group. A client that wishes to discover available services on a network uses method ''M-SEARCH''. Responses to such search requests are sent via unicast addressing to the originating address and port number of the multicast request.

Microsoft's IPv6 SSDP implementations in [[Windows Media Player]] and Server use the link-local scope address. Microsoft uses port number 2869 for event notification and event subscriptions. However, early implementations of SSDP also used port 5000 for this service.<ref>[https://support.microsoft.com/en-us/help/832017 Microsoft Knowledge Base Article 832017]</ref>

==DDoS attack==
In 2014 it was discovered that SSDP was being used in [[DDoS]] attacks known as an ''SSDP reflection attack with amplification''. Many devices, including some residential routers, have a vulnerability in the UPnP software that allows an attacker to get replies from [[List of TCP and UDP port numbers|port number 1900]] to a destination address of their choice. With a [[botnet]] of thousands of devices, the attackers can generate sufficient packet rates and occupy bandwidth to saturate links, causing the denial of services.<ref>[https://msisac.cisecurity.org/guidelines/documents/guide_to_ddos_attacks_updated.pdf Guide to DDoS Attacks, pg 8]</ref><ref>{{cite web|url=https://www.us-cert.gov/ncas/alerts/TA14-017A|title=UDP-Based Amplification Attacks|date=18 December 2019 }}</ref><ref name=":0" /> The network company [[Cloudflare]] has described this attack as the "Stupidly Simple DDoS Protocol".<ref name=":0">{{Cite web|url=https://blog.cloudflare.com/ssdp-100gbps/|title=Stupidly Simple DDoS Protocol (SSDP) generates 100 Gbps DDoS|date=2017-06-28|website=The Cloudflare Blog|language=en|access-date=2019-10-13}}</ref>

== Firefox vulnerability ==
[[Firefox for Android]] prior to version 79 did not properly validate the schema of the [[URL]] received in SSDP and were vulnerable to remote code execution. An attacker on the same network could create a malicious server pretending to be a device supporting casting, but instead of a configuration file it would return an <code>intent://</code> URL. Firefox would launch the intent (if it was supported by the device) and thus would execute arbitrary code. This is not a bug with SSDP, just an improper validation performed by Firefox casting service.<ref>{{Cite web|last=Cimpanu|first=Catalin|title=Firefox bug lets you hijack nearby mobile browsers via WiFi|url=https://www.zdnet.com/article/firefox-bug-lets-you-hijack-nearby-mobile-browsers-via-wifi/|access-date=2020-09-19|website=ZDNet|language=en}}</ref>

==See also==
* [[Service Location Protocol]]
* [[Jini]]
* [[Zero-configuration networking]]
* [[Neighbor Discovery Protocol]]
* [[Discovery and Launch]]
* [[WS-Discovery]]

==References==
{{reflist}}

[[Category:Windows communication and services]]
[[Category:Application layer protocols]]
[[Category:Service discovery protocols]]