On 24/05/14 04:11, ToddAndMargo wrote:

Seems I have already looked at 5353 once before.  From
one of my penetration reports:

     Port 5353/udp (zeroconf) is registered to the Link
     Local Multicast Name Resolution (LLMNR) service.
     It is part of how Windows computers identify themselves
     to each other on a local area network and is part of
     the normal operation of the Windows XP Operating System.
     Further information can be found at:
          https://en.wikipedia.org/wiki/LLMNR


mDNS can be used for much more as well when combining it with DNS-SD [1], like telling other hosts what kind of services each box provides. mDNS coupled with DNS-SD is quite a beast; avahi-daemon provides the same functionality on Linux boxes as well.

[1] <http://en.wikipedia.org/wiki/Zero_configuration_networking#Service_discovery>

But it's also possible to provide DNS-SD using a normal DNS server as well, which can be suitable to announce services on servers you don't want to have avahi-daemon running.

It can surely be quite handy, but if you're concerned about security [2] it surely has its challenges there too. I generally block port 5353 (tcp and udp) on all my boxes when they're not on a network I fully trust. And I also carefully configure avahi-daemon (/etc/avahi/avahi-daemon.conf) too, if I want avahi-daemon running.

[2] <http://en.wikipedia.org/wiki/Zero_configuration_networking#Security_issues>


--
kind regards,

David Sommerseth
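As an added example (not part of this thread, and not David's or the Avahi project's code), here is a small POSIX shell helper for the two measures described above: auditing an /etc/avahi/avahi-daemon.conf for settings that widen mDNS/DNS-SD exposure, and generating nftables rules that drop 5353/tcp and 5353/udp except on a trusted interface. The config keys checked (allow-interfaces, publish-workstation, publish-hinfo, disable-user-service-publishing) are real avahi-daemon.conf options; the nft table name mdns_guard, the interface name eth0 and the sample config contents are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or the Avahi project.
# Assumptions: avahi-daemon.conf text is fed on stdin; the nft table name
# "mdns_guard" and the interface "eth0" are placeholders for your own setup.

# Report avahi-daemon.conf settings that widen what the daemon exposes.
# Prints one finding per line; empty output means nothing was flagged.
audit_avahi_conf() {
    # Normalise: drop comments and blank lines, trim whitespace, and
    # squeeze spaces around '=' so "key = value" and "key=value" match alike.
    conf=$(sed -e 's/[#;].*$//' \
               -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
               -e 's/[[:space:]]*=[[:space:]]*/=/' \
               -e '/^$/d')

    # [server] allow-interfaces: without it, avahi answers on every interface,
    # including ones attached to networks you do not trust.
    printf '%s\n' "$conf" | grep -q '^allow-interfaces=' \
        || echo "no allow-interfaces: avahi listens and publishes on every interface"

    # [publish] publish-workstation=yes advertises a _workstation._tcp record.
    printf '%s\n' "$conf" | grep -qi '^publish-workstation=yes' \
        && echo "publish-workstation=yes: host advertised as a workstation"

    # [publish] publish-hinfo=yes advertises an HINFO record (CPU and OS type).
    printf '%s\n' "$conf" | grep -qi '^publish-hinfo=yes' \
        && echo "publish-hinfo=yes: CPU/OS information advertised"

    # [publish] disable-user-service-publishing=yes stops any local user
    # from registering additional services through the daemon.
    printf '%s\n' "$conf" | grep -qi '^disable-user-service-publishing=yes' \
        || echo "disable-user-service-publishing not yes: any local user can publish services"

    return 0
}

# Emit an nftables ruleset that accepts mDNS only from the trusted interface
# given as $1 and drops 5353/udp and 5353/tcp arriving anywhere else.
# Apply with: mdns_block_rules eth0 > /tmp/mdns.nft && nft -f /tmp/mdns.nft
mdns_block_rules() {
    trusted="$1"
    cat <<EOF
table inet mdns_guard {
    chain input {
        type filter hook input priority 0; policy accept;
        iifname "$trusted" udp dport 5353 accept
        iifname "$trusted" tcp dport 5353 accept
        udp dport 5353 drop
        tcp dport 5353 drop
    }
}
EOF
}

# Constructed sample config (placeholder content, not a real host's file):
# a permissive default that should produce several findings.
SAMPLE_CONF='[server]
use-ipv4=yes
use-ipv6=yes
[publish]
publish-workstation=yes
publish-hinfo=yes
'

echo "== audit of sample avahi-daemon.conf =="
printf '%s' "$SAMPLE_CONF" | audit_avahi_conf
echo "== nft rules trusting eth0 =="
mdns_block_rules eth0
```

To see what a host is currently advertising before and after tightening the config, `avahi-browse -a` (from avahi-utils) lists every service visible on the local link; the audit above only reads the config file and makes no network calls.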
