Neurohazard
暮雲煙月,皓首窮經;森羅萬象,如是我聞。

【主机漏洞】 mDNS Detection (Remote Network)

wpadmin~July 20, 2018 /InfoSec

mDNS Detection (Remote Network)

Contents

参考资料

https://www.trustwave.com/Resources/SpiderLabs-Blog/mDNS—Telling-the-world-about-you-(and-your-device)/
https://www.tenable.com/plugins/nessus/12218

5353/udp
Multicast DNS (mDNS) rfc6762

Nessus 反馈

修改了 IP 与 MAC 地址信息

Nessus was able to extract the following information :

  - mDNS hostname       : rhel57-app-169-114.local.

  - Advertised services :
    o Service name      : rhel57-app-169-114 [00:ff:ff:ff:ff:ce]._workstation._tcp.local.
      Port number       : 9

  - CPU type            : X86_64
  - OS                  : LINUX

检测方式

1 nmap
2 metasploit
3 nessus

#
nmap -n -vvv -Pn -sU -p 5353 --sciprt "dns-service-discovery" <target_ip>
nmap -n -vvv -Pn -sU -p 5353 -sV --version-intensity 9 <target_ip>
nmap -n -vvv -Pn -sU -p 5353 -sV --version-intensity 9 --script "*" <target_ip>

也可以考虑用 Metasploit 检测
https://www.rapid7.com/db/modules/auxiliary/scanner/mdns/query

或者重新配置 Nessu 复测扫描任务。

临时修复方案

在 受害主机上,使用 iptables 直接丢弃 入向 5353/udp 的流量。
https://www.cyberciti.biz/faq/iptables-block-port/

iptables -p udp --destination-port 5353 -j DROP

Leave a Reply

Your email address will not be published. Required fields are marked *