Menu
Reply
  • 22
  • 0
  • 1
cwatty
Tuning in
222 Views
Message 1 of 7
Flag for a moderator

Multicast DNS Letters (4 received so far)

Okay since the beginning of the year, I have now received 4 Letters warning me of a Multicast DNS Vulnerability on my Home Network. I know exactly what the cause of this is, it's the Playstation 4 being placed into the DMZ mode of my Asus NT66U Router. I have the Virgin Media Super Hub 2 but only have ever used this in Modem Only Mode, because well frankly all the super hubs are lousy routers.

Now early in the year I re-added the Playstation 4 to the DMZ in my Asus Router because I was starting to get issues with online gaming and more specifically being able to access it remotely by Remote Play Applications on other devices and when on other networks away from home. Adding it to the DMZ fixed all these issues and the PS4 performs so much better. However I have of course now started receiving these letters again. I would just like to tell them and Shadowserver to jog on and stop hassling me about this, or better yet perhaps they should hassle Sony instead to fix the issue on the Playstation 4 with a firmware update or something. Especially as I don't even have the Spotify Application installed on my PS4 which when you google search the issue seems to be why the port 5353 is open on the device.

I however have tried to fix the issue within my Asus Router configuration page. In my Router's Port Forwarding Settings I have added a Rule so that the PS4 is forwarding anything related to Port 5353 to a non-existent network device on a fixed IP Address of 192.168.0.253 which should fix the problem correct?

I've also added an entry into the Network Service Filter Black List of my Router's Firewall that again any communication on Port 5353 from the PS4 should be blocked to any and all IP Address LAN or WAN 24/7.

So there should be no way that the PS4 should still be communicate to anything or anyone via this port. Unless I'm doing something wrong in my Router Configuration in which case I'm open to help on how to fix this issue, to save on Virgin having to send anymore of these letters.

0 Kudos
Reply
  • 374
  • 34
  • 106
DreamOfCheese
Superfast
216 Views
Message 2 of 7
Flag for a moderator

Re: Multicast DNS Letters (4 received so far)

You really shouldn't be needing to add your PS4 to a DMZ if your routers UPnP implementation is working correctly.

Telling Virgin/Shadowserver to 'jog on' does not fix the vulnerability in your network caused by having an mDNS instance accessible via WAN as at best it allows someone to map your network, and at worst it allows your connection to be used for reflected denial of service attacks
For Sony to fix it with a firmware update it'd need to be an issue with the firmware, and it isn't. The issue is created by having the console exposed via DMZ.

Adding a port forward for 5353 to a non-existent LAN address like you have done should be adequate in closing down incoming communications to the PS4 mDNS service.
0 Kudos
Reply
  • 22
  • 0
  • 1
cwatty
Tuning in
207 Views
Message 3 of 7
Flag for a moderator

Re: Multicast DNS Letters (4 received so far)

That's what I thought regarding the LAN Address however, when I do a scan of the network, I'm still getting this back:

5353/udp open zeroconf

So I'm not sure what else to try on my Asus Router to block that off and close it.
0 Kudos
Reply
  • 374
  • 34
  • 106
DreamOfCheese
Superfast
206 Views
Message 4 of 7
Flag for a moderator

Re: Multicast DNS Letters (4 received so far)

What are you using to do the scan and are you doing it from an external network?
  • 22
  • 0
  • 1
cwatty
Tuning in
202 Views
Message 5 of 7
Flag for a moderator

Re: Multicast DNS Letters (4 received so far)

I'm using the site https://hackertarget.com/udp-port-scan/  to do the scan and doing it from my mobile phone that's not on my home network.

0 Kudos
Reply
  • 374
  • 34
  • 106
DreamOfCheese
Superfast
198 Views
Message 6 of 7
Flag for a moderator

Re: Multicast DNS Letters (4 received so far)

Since that site does the scan from their server you can just do it on your PC browser, however yeah if that's coming back as "open" and not "open|filtered" for 5353 then the problem still remains.

Generally a router would process the port forwarding rules before defaulting to the DMZ, it's possible yours isn't doing this for some reason.
  • 11.61K
  • 417
  • 1.02K
legacy1
Alessandro Volta
194 Views
Message 7 of 7
Flag for a moderator

Re: Multicast DNS Letters (4 received so far)


@cwatty wrote:

I'm using the site https://hackertarget.com/udp-port-scan/  to do the scan and doing it from my mobile phone that's not on my home network.


That site for scanning the UDP port 5353 is wrong.

 

 

0 Kudos
Reply