I woke up to find an abuse letter in a new seedbox I hadn’t even begun using regarding the fact SSDP was enabled on my server
here is the letter (in english as this was the German government sending me this )
Dear Sir or Madam,
the Simple Service Discovery Protocol (SSDP) is a network protocol
for advertisement and discovery of network services and presence
information. SSDP is the basis of the discovery protocol of
Universal Plug and Play (UPnP). SSDP usually uses port 1900/udp.
In the past months, systems responding to SSDP requests from the
Internet have been increasingly abused for participating in
DDoS reflection/amplification attacks.
The Shadowserver ‘Open SSDP Scanning Project’ identifies systems
responding to SSDP requests from the Internet which can be abused
for DDoS reflection/amplification attacks if no countermeasures
have been implemented.
Shadowserver provides CERT-Bund with the test results for IP addresses
hosted in Germany for notifying the owners of the affected systems.
Futher information on the tests run by Shadowserver is available
Please find below a list of affected systems hosted on your network.
The timestamp (timezone UTC) indicates when the system was tested
and responded to SSDP requests from the Internet.
We would like to ask you to check this issue and take appropriate
steps to secure the SSDP services on the affected systems or
notify your customers accordingly.
If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.
 Wikipedia: Simple Service Discovery Protocol
 Shadowserver: Open SSDP Scanning Project
 Arbor Networks: Zunahme von DDoS-Angriffen mittels SSDP
 Sucuri: Quick Analysis of a DDoS Attack Using SSDP
 US-CERT: UDP-based Amplification Attacks
This message is digitally signed using PGP.
Details on the signature key used are available on our website at: