About Multicast DNS (mDNS)


Vulnerable computer systems and applications:

Poorly configured systems that use DNS services: routers, printers, online storage (NAS), and Windows and Linux operating systems.

Description:

The multicast DNS (mDNS) protocol is used for the automatic discovery of devices and services on a local network. It allows devices to easily detect one another and exchange information about devices and services. Sometimes, an mDNS server responds to individual requests sent from an external network into the local network. Such a response may disclose too much information about the devices on the network. Furthermore, the amount of information returned is sufficient to carry out a Denial of Service against other users on the Internet.

Recommendations:

  • Block access to and from the local network on UDP port 5353;
  • Disable the mDNS service when it is not in use.
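
One way to check whether the condition described above exists on a network is to look through border flow records for UDP port 5353 traffic that crosses between local and external addresses. The following is an added example, not part of the original advisory; the flow-record fields, the `LOCAL_NETS` ranges and the sample flows are constructed assumptions.

```python
import ipaddress

# Assumption: the site's internal ranges; replace with your own.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "192.168.0.0/16", "fe80::/10")]
# Standard mDNS multicast groups (IPv4 and IPv6) and port.
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"), ipaddress.ip_address("ff02::fb")}
MDNS_PORT = 5353

def is_local(addr):
    return any(addr.version == net.version and addr in net for net in LOCAL_NETS)

def classify(flow):
    """Return a finding for a UDP flow that crosses the border, else None."""
    src = ipaddress.ip_address(flow["src"])
    dst = ipaddress.ip_address(flow["dst"])
    if dst in MDNS_GROUPS:
        return None  # ordinary multicast discovery on the local link
    if flow["dport"] == MDNS_PORT and not is_local(src) and is_local(dst):
        return "external-query"     # outside request reached a local host
    if flow["sport"] == MDNS_PORT and is_local(src) and not is_local(dst):
        return "external-response"  # local responder answered an outside host
    return None

def audit(flows):
    """Map each exposed local host to the bytes it received and sent."""
    report = {}
    for flow in flows:
        kind = classify(flow)
        if kind is None:
            continue
        host = flow["dst"] if kind == "external-query" else flow["src"]
        entry = report.setdefault(host, {"bytes_in": 0, "bytes_out": 0})
        entry["bytes_in" if kind == "external-query" else "bytes_out"] += flow["bytes"]
    return report

# Constructed sample flows (203.0.113.0/24 is a documentation range).
SAMPLE_FLOWS = [
    {"src": "192.168.1.10", "dst": "224.0.0.251", "sport": 5353, "dport": 5353, "bytes": 90},
    {"src": "203.0.113.7", "dst": "192.168.1.20", "sport": 40000, "dport": 5353, "bytes": 46},
    {"src": "192.168.1.20", "dst": "203.0.113.7", "sport": 5353, "dport": 40000, "bytes": 410},
    {"src": "192.168.1.30", "dst": "192.168.1.10", "sport": 5353, "dport": 5353, "bytes": 120},
]

if __name__ == "__main__":
    for host, totals in audit(SAMPLE_FLOWS).items():
        print(host, totals)
```

Any host that appears in the report is answering mDNS across the network border and is a candidate for the two recommendations above.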