本文共 2179 字,大约阅读时间需要 7 分钟。
Multicast DNS (mDNS) implementations may respond to unicast queries originating from sources outside the local link network. Such responses can disclose sensitive network device information and be exploited for denial-of-service (DoS) amplification attacks.
Multicast DNS is designed to allow devices on a local link network to automatically discover services and devices. However, certain mDNS implementations may incorrectly respond to unicast queries from outside the local network (e.g., the WAN). This behavior can expose device information and facilitate DoS attacks due to the larger response size compared to the query.
A response to a unicast query from outside the local link can reveal device details like model numbers and operating systems. Additionally, the larger response size can be used for DoS amplification attacks.
Block Inbound and Outbound mDNS on the WAN
If your organization does not require mDNS functionality, consider blocking UDP port 5353 for both inbound and outbound traffic on your WAN. This prevents mDNS queries from entering or leaving the local network.Disable mDNS Services
Some software and devices allow disabling mDNS services. Consult your vendor for details on how to disable mDNS in your specific setup.The following vendors have been identified as potentially affected:
| Vendor | Status | Notified | Updated |
|---|---|---|---|
| Avahi mDNS | - | 31 Mar 2015 | |
| Canon | 10 Feb 2015 | 08 Apr 2015 | |
| HP | 10 Feb 2015 | 20 Mar 2015 | |
| IBM | 10 Feb 2015 | 31 Mar 2015 | |
| Synology | 10 Feb 2015 | 31 Mar 2015 | |
| Cisco | 10 Feb 2015 | 31 Mar 2015 | |
| Citrix | 10 Feb 2015 | 25 Mar 2015 | |
| D-Link | 10 Feb 2015 | 20 Mar 2015 | |
| F5 | 10 Feb 2015 | 31 Mar 2015 | |
| Microsoft | 10 Feb 2015 | 09 Mar 2015 | |
| Ricoh | 10 Feb 2015 | 15 May 2015 | |
| Apple | 10 Feb 2015 | 10 Feb 2015 | |
| CentOS | 10 Feb 2015 | 10 Feb 2015 | |
| Debian | 10 Feb 2015 | 10 Feb 2015 | |
| Dell | 10 Feb 2015 | 10 Feb 2015 |
| Group | Score | Vector |
|---|---|---|
| Base | 6.4 | AV:N/AC:L/Au:N/C:P/I:N/A:P |
| Temporal | 5.2 | E:POC/RL:W/RC:UR |
| Environmental | 3.9 | CDP:ND/TD:M/CR:ND/IR:ND/AR:ND |
转载地址:http://smyfk.baihongyu.com/