Tuning in
Registered: 16-04-2017
Message 21 of 22

Re: mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ


I've just received my first mDNS warning letter from VM, but I have my PS4 in DMZ. I'm not willing to disable DMZ, so I'd much prefer a different solution.

Can any PS4 users confirm port forwarding is successful with Super Hub 2? As per the suggestions here and in other topics, I've forwarded port 5353 to an unused local IP as follows:

[Screenshot PF5353.jpg: the port 5353 forwarding rule]

With the WAN IP, dig displays the following:

; <<>> DiG 9.10.4-P8 <<>> @81.**.**.** -p 5353 -t ptr _services._dns-sd._udp.local
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached

However, the pentest-tools website reported:

Starting Nmap 6.00 ( http://****.org ) at 2017-04-16 11:41 EEST
Initiating Ping Scan at 11:41
Scanning 81.**.**.** [4 ports]
Completed Ping Scan at 11:41, 0.06s elapsed (1 total hosts)
Initiating UDP Scan at 11:41
Scanning ...cable.virginm.net (81.**.**.**) [1 port]
Discovered open port 5353/udp on 81.**.**.**
Completed UDP Scan at 11:41, 0.05s elapsed (1 total ports)

[+] Nmap scan report for ...cable.virginm.net (81.**.**.**)
Host is up (0.021s latency).

PORT     STATE SERVICE
5353/udp open  zeroconf

I also checked the nightlydev site, and it shows port 5353 as being open as well. I just can't make sense of this...

Using the PS4's local IP, dig reports:

; <<>> DiG 9.10.4-P8 <<>> @192.168.0.80 -p 5353 -t ptr _services._dns-sd._udp.local
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17641
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;_services._dns-sd._udp.local.  IN      PTR

;; ANSWER SECTION:
_services._dns-sd._udp.local. 10 IN     PTR     _spotify-connect._tcp.local.

;; Query time: 0 msec
;; SERVER: 192.168.0.80#5353(192.168.0.80)
;; WHEN: Sun Apr 16 09:49:19 GMT Daylight Time 2017
;; MSG SIZE  rcvd: 82

I don't use Spotify and haven't downloaded it onto the console, but it appears in the report above. Again, running dig using my WAN IP still shows "no servers can be reached", which I thought would mean the port 5353 issue was resolved. Can anyone offer some advice?
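The check dig and the scanner were asked to do above, as an added example that is not part of the original post: it builds the same service-enumeration PTR query, unicasts it to one address on UDP 5353, and parses any PTR reply, using only the Python standard library. The sample reply is constructed to mirror the PS4's answer shown above; the function names are my own.

```python
import socket, struct

SERVICE_ENUM = "_services._dns-sd._udp.local"     # the service-enumeration name dig queried above
def encode_name(name):
    # Wire-format DNS name: length-prefixed labels terminated by a zero byte.
    return b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split(".")) + b"\x00"
def build_ptr_query(name=SERVICE_ENUM, txid=0x1234):
    # 12-byte header (id, no flags, qdcount=1) followed by one question: name, PTR (12), IN (1).
    return struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", 12, 1)
def decode_name(data, offset):
    # Read a name, following RFC 1035 compression pointers; return (dotted name, offset after it).
    labels, end = [], None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                        # 2-byte pointer into the packet
            end = end or offset + 2
            offset = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
        elif length == 0:
            return ".".join(labels) + ".", end or offset + 1
        else:
            labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
            offset += 1 + length
def parse_ptr_answers(data):
    # Return [(owner, ttl, target)] for every PTR record in the answer section.
    qd, an = struct.unpack(">HH", data[4:8])
    offset, answers = 12, []
    for _ in range(qd):                                  # skip the echoed question(s)
        offset = decode_name(data, offset)[1] + 4
    for _ in range(an):
        owner, offset = decode_name(data, offset)
        rtype, _cls, ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        if rtype == 12:
            answers.append((owner, ttl, decode_name(data, offset + 10)[0]))
        offset += 10 + rdlen
    return answers
def probe_mdns(host, port=5353, timeout=2.0):
    # Unicast the same query dig sent. None = no reply (closed/filtered, what you want on a WAN
    # address); a list of PTR answers = a responder is reachable through that address.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_ptr_query(), (host, port))
        try:
            return parse_ptr_answers(sock.recvfrom(4096)[0])
        except socket.timeout:
            return None
# Constructed 82-byte sample mirroring the PS4's reply above (id 17641, flags qr aa, TTL 10);
# "local" in the target is a pointer to offset 35 of the question, as real responders compress it.
SAMPLE_RESPONSE = (struct.pack(">HHHHHH", 17641, 0x8400, 1, 1, 0, 0)
                   + encode_name(SERVICE_ENUM) + struct.pack(">HH", 12, 1)
                   + b"\xc0\x0c" + struct.pack(">HHIH", 12, 1, 10, 24)
                   + b"\x10_spotify-connect\x04_tcp\xc0\x23")
```

Running `probe_mdns("192.168.0.80")` should return the Spotify Connect PTR from inside the LAN, while `probe_mdns("<your WAN IP>")` returning None is the "no servers could be reached" result; a list from the WAN side means the forward is not yet in effect.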

Superuser
Registered: 01-11-2009
Message 22 of 22

Re: mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ

Just as an update to the above post - which I missed.

Nino posted here - https://community.virginmedia.com/t5/Security-matters/Multicast-DNS-and-DMZ-problems/m-p/3398219

And port forwarding seems to have subsequently kicked in for him and blocked the port.
