mDNS Detection (Remote Network)
Contents
参考资料
https://www.trustwave.com/Resources/SpiderLabs-Blog/mDNS—Telling-the-world-about-you-(and-your-device)/
https://www.tenable.com/plugins/nessus/12218
5353/udp
Multicast DNS (mDNS) rfc6762
Nessus 反馈
修改了 IP 与 MAC 地址信息
Nessus was able to extract the following information :
- mDNS hostname : rhel57-app-169-114.local.
- Advertised services :
o Service name : rhel57-app-169-114 [00:ff:ff:ff:ff:ce]._workstation._tcp.local.
Port number : 9
- CPU type : X86_64
- OS : LINUX
检测方式
1 nmap
2 metasploit
3 nessus
#
nmap -n -vvv -Pn -sU -p 5353 --sciprt "dns-service-discovery" <target_ip>
nmap -n -vvv -Pn -sU -p 5353 -sV --version-intensity 9 <target_ip>
nmap -n -vvv -Pn -sU -p 5353 -sV --version-intensity 9 --script "*" <target_ip>
也可以考虑用 Metasploit 检测
https://www.rapid7.com/db/modules/auxiliary/scanner/mdns/query
或者重新配置 Nessu 复测扫描任务。
临时修复方案
在 受害主机上,使用 iptables 直接丢弃 入向 5353/udp 的流量。
https://www.cyberciti.biz/faq/iptables-block-port/
iptables -p udp --destination-port 5353 -j DROP
Leave a Reply