About Multicast DNS (mDNS)
Multicast DNS (mDNS)
Vulnerable computer systems and applications:
Poorly configured systems that expose mDNS (multicast DNS) services: routers, printers, network-attached storage (NAS), and Windows and Linux hosts.
Description:
The multicast DNS (mDNS) protocol lets devices on a local network automatically discover one another and the services they offer, and exchange information about them without a central DNS server. An mDNS responder is meant to answer only on the local link, but a misconfigured responder will sometimes answer unicast queries that arrive from an external network. Such a response can disclose too much information about the devices on the local network. Furthermore, because the response is considerably larger than the query that triggers it, an exposed responder can be abused as an amplifier for denial-of-service attacks against other users on the Internet.
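To make the two risks concrete, the following is an added example (not code from the original advisory): it builds the standard DNS-SD service-enumeration query, parses a constructed mDNS reply in DNS wire format, lists the service types the reply discloses, and computes how many bytes a responder sends per byte it receives. The reply contents (the five service types) are constructed for illustration, and the code performs no network I/O.

```python
"""Added example: mDNS service-enumeration query, a constructed reply, and the
amplification factor. All packet contents are constructed here; no network I/O."""
import struct

MDNS_PORT = 5353            # UDP port the advisory recommends blocking at the perimeter
TYPE_PTR = 12
CLASS_IN = 1
SERVICE_ENUM = "_services._dns-sd._udp.local"   # DNS-SD "list all service types" name


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels, terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"


def build_query(name: str = SERVICE_ENUM, qtype: int = TYPE_PTR) -> bytes:
    """Minimal query: id 0 (mDNS convention), no flags, one question."""
    header = struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)


def build_response(question: str, targets: list[str]) -> bytes:
    """Constructed responder reply: one PTR answer per advertised service type.
    Owner names use a compression pointer (0xC00C) back to the question name at offset 12."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 1, len(targets), 0, 0)  # QR=1, AA=1
    body = encode_name(question) + struct.pack("!HH", TYPE_PTR, CLASS_IN)
    for target in targets:
        rdata = encode_name(target)
        body += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, 4500, len(rdata)) + rdata
    return header + body


def read_name(data: bytes, offset: int, max_jumps: int = 8) -> tuple[str, int]:
    """Decode a possibly-compressed name; return (name, offset just past it in the message).
    Bounds the number of pointer jumps so a malformed packet cannot loop forever."""
    labels, jumps, end = [], 0, None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                       # compression pointer
            jumps += 1
            if jumps > max_jumps:
                raise ValueError("too many compression pointers")
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if end is not None else offset)
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length


def parse_records(data: bytes) -> list[tuple[str, int, int, str]]:
    """Return (owner, type, ttl, value) for every resource record in the message."""
    _id, _flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):                                  # skip the question section
        _, offset = read_name(data, offset)
        offset += 4
    records = []
    for _ in range(an + ns + ar):
        owner, offset = read_name(data, offset)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        value = read_name(data, offset)[0] if rtype == TYPE_PTR else data[offset:offset + rdlen].hex()
        records.append((owner, rtype, ttl, value))
        offset += rdlen
    return records


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes a responder sends per byte it receives; >1 means the service amplifies traffic."""
    return len(response) / len(query)


def exposed_services(response: bytes) -> list[str]:
    """Service types a host reveals in reply to a single service-enumeration query."""
    return [value for owner, rtype, _ttl, value in parse_records(response)
            if rtype == TYPE_PTR and owner == SERVICE_ENUM]


# Constructed sample: what a NAS or printer left reachable on UDP/5353 might answer.
SAMPLE_QUERY = build_query()
SAMPLE_RESPONSE = build_response(SERVICE_ENUM, [
    "_ipp._tcp.local", "_smb._tcp.local", "_http._tcp.local",
    "_ssh._tcp.local", "_workstation._tcp.local",
])

if __name__ == "__main__":
    for owner, rtype, ttl, value in parse_records(SAMPLE_RESPONSE):
        print(f"{owner} PTR {value} (ttl {ttl})")
    print(f"{len(SAMPLE_QUERY)}-byte query -> {len(SAMPLE_RESPONSE)}-byte reply, "
          f"amplification x{amplification_factor(SAMPLE_QUERY, SAMPLE_RESPONSE):.2f}")
```

A single 46-byte query to the constructed responder yields a 200-byte reply that names every service type the host advertises; a real device advertising more services, or answering follow-up SRV/TXT/A queries, returns proportionally more. The parser bounds compression-pointer jumps so that a crafted packet cannot keep a monitoring tool spinning.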
Recommendations:
- Block traffic to and from the local network on UDP port 5353 at the network boundary;
- Disable the mDNS service when it is not needed.