Some consumer-level equipment uses SSDP for network discovery. It has no real use on public servers and is used to launch reflection DDoS attacks against dedicated servers.
On Windows machines, SSDP is run through the ‘SSDP Discovery’ service. To disable this:
Click Start, type services.msc
Find the SSDP service, right-click it, and choose Properties
Change Startup Type to Disabled
Click Stop
Click OK
On Linux machines, SSDP is generally run through some type of UPNP server. The exact one varies significantly.
For Linux, we suggest blocking this with an iptables rule, such as:
iptables -I INPUT 1 -p udp -m udp –dport 1900 -j DROP