Okay, since the beginning of the year I have now received 4 letters warning me of a Multicast DNS vulnerability on my home network. I know exactly what the cause of this is: it's the PlayStation 4 being placed into the DMZ mode of my Asus NT66U router. I have the Virgin Media Super Hub 2 but have only ever used it in modem-only mode, because, well, frankly, all the Super Hubs are lousy routers.
Now, early in the year I re-added the PlayStation 4 to the DMZ in my Asus router because I was starting to get issues with online gaming, and more specifically with being able to access it remotely via Remote Play applications on other devices and when on other networks away from home. Adding it to the DMZ fixed all these issues and the PS4 performs so much better. However, I have of course now started receiving these letters again. I would just like to tell them and Shadowserver to jog on and stop hassling me about this, or better yet perhaps they should hassle Sony instead to fix the issue on the PlayStation 4 with a firmware update or something. Especially as I don't even have the Spotify application installed on my PS4, which, when you Google the issue, seems to be why port 5353 is open on the device.
I have, however, tried to fix the issue within my Asus router's configuration page. In my router's port forwarding settings I have added a rule so that the PS4 forwards anything related to port 5353 to a non-existent network device on a fixed IP address of 192.168.0.253, which should fix the problem, correct?
I've also added an entry to the Network Service Filter blacklist of my router's firewall so that, again, any communication on port 5353 from the PS4 is blocked to any and all IP addresses, LAN or WAN, 24/7.
So there should be no way that the PS4 is still able to communicate with anything or anyone via this port, unless I'm doing something wrong in my router configuration, in which case I'm open to help on how to fix this issue, to save Virgin having to send any more of these letters.
You really shouldn't need to add your PS4 to a DMZ if your router's UPnP implementation is working correctly.
Telling Virgin/Shadowserver to 'jog on' does not fix the vulnerability in your network caused by having an mDNS instance accessible via the WAN: at best it allows someone to map your network, and at worst it allows your connection to be used for reflected denial-of-service attacks. For Sony to fix it with a firmware update it'd need to be an issue with the firmware, and it isn't. The issue is created by having the console exposed via the DMZ.
Adding a port forward for 5353 to a non-existent LAN address, as you have done, should be adequate to close down incoming communications to the PS4's mDNS service.
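To confirm that the port forward and filter really closed the hole, here is a self-check (an added example, not code from the thread or from Asus/Sony) that sends the same kind of DNS-SD "list your services" query a Shadowserver scan sends, to your own public IP address, and reports what answers. It uses only the Python standard library; the host you probe and the timeout are assumptions you supply.

```python
import socket
import struct

SERVICES_QUERY = "_services._dns-sd._udp.local"  # "list every service type you advertise"
MDNS_PORT, TYPE_PTR, CLASS_IN = 5353, 12, 1

def encode_name(name):  # DNS wire format: length-prefixed labels ending in a zero byte
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"

def build_query(name=SERVICES_QUERY):  # id 0, flags 0, one PTR/IN question, no other sections
    return struct.pack("!HHHHHH", 0, 0, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", TYPE_PTR, CLASS_IN)

def decode_name(data, offset):  # follows compression pointers; returns (name, next_offset)
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer back into an earlier name
            end, jumped = (end if jumped else offset + 2), True
            offset = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(data[offset:offset + length].decode())
        offset += length

def parse_ptr_answers(data):
    """Return the PTR targets (advertised service types) from a response's answer section."""
    qd, an = struct.unpack("!HHHHHH", data[:12])[2:4]
    names, offset = [], 12
    for _ in range(qd):  # skip any echoed question: name + type + class
        offset = decode_name(data, offset)[1] + 4
    for _ in range(an):
        _, offset = decode_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        if rtype == TYPE_PTR:
            names.append(decode_name(data, offset)[0])
        offset += rdlen
    return names

def probe(host, timeout=2.0):  # advertised services, or None when nothing answers (exposure closed)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(), (host, MDNS_PORT))
        try:
            return parse_ptr_answers(sock.recvfrom(4096)[0])
        except socket.timeout:
            return None
```

Run `probe("<your public IP>")` from a connection outside your home network (a phone on mobile data, say): `None` means nothing answered within the timeout, while a list such as `['_spotify-connect._tcp.local']` means the console is still reachable on 5353 from the internet.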