Hi, I’ve received several email concerning a multicast dns error:
We have been alerted on four separate occasions that a device connected to your home network has been identified as having a potential Multicast DNS vulnerability.
Multicast DNS is commonly used to share music and video streaming services between devices on your home network. When exposed to the wider Internet, it can be misused by 3rd parties in order to commit abuse.
I have reset my PC’s firewall & blocked the recommended port but I still receive the email. The IP address is Virginmedia & doesn’t seem to point to a specific device.
Nothing has changed. None of my other devices have a firewall so I cannot block those.
I don’t share music or stream from the PC but do use bluetooth speakers.
I checked on how to add the port to the router’s firewall but this doesn’t seem to be possible.
Thanks,
1 ACCEPTED SOLUTION
Accepted Solutions
Try the following:
- sign into Hub
Backup Hub configuration - select Admin > Reload and Reboot > Backup (located under Backup configuration settings) and save
NB keep the backup file somewhere safe and to restore select Admin > Reload and Reboot > Select file (located under Reload configuration settings), select the configuration backup and then Reload to restore
Amend DHCP IP Address range such that IP Address to be used for port forward block is never allocate to a device - select Advanced > DHCP and change Number of CPEs to 252:
FYI this will leave 192.168.0.254 unallocated
Forward port 5353/UDP to unallocated IP Address - select Advanced > Security > Port forwarding > Create a new rule, enter the following and then select Add rule:
I have added my PS5 to DMZ as it would not connect to Residentevil.net.
Hackertarget.com:
Starting Nmap 7.40 ( https://nmap.org ) at 2022-12-08 18:24 UTC Nmap scan report for Host is up (0.11s latency). PORT STATE SERVICE 53/udp closed domain 69/udp closed tftp 123/udp closed ntp 161/udp closed snmp 1900/udp closed upnp 5353/udp open zeroconf 11211/udp closed memcache Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds
If I disable DMZ:
Starting Nmap 7.40 ( https://nmap.org ) at 2022-12-08 18:28 UTC Nmap scan report for Host is up (0.10s latency). PORT STATE SERVICE 53/udp open|filtered domain 69/udp open|filtered tftp 123/udp open|filtered ntp 161/udp closed snmp 1900/udp open|filtered upnp 5353/udp open|filtered zeroconf 11211/udp open|filtered memcache Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
Thanks but it’s confusing to me. Never having dealt with this before I’m unsure on how to block the port under the router.
Which router are you using?
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click 
Hub 3. No third party router.
Try the following:
- sign into Hub
Backup Hub configuration - select Admin > Reload and Reboot > Backup (located under Backup configuration settings) and save
NB keep the backup file somewhere safe and to restore select Admin > Reload and Reboot > Select file (located under Reload configuration settings), select the configuration backup and then Reload to restore
Amend DHCP IP Address range such that IP Address to be used for port forward block is never allocate to a device - select Advanced > DHCP and change Number of CPEs to 252:
FYI this will leave 192.168.0.254 unallocated
Forward port 5353/UDP to unallocated IP Address - select Advanced > Security > Port forwarding > Create a new rule, enter the following and then select Add rule:
Thank you, hopefully I’ll not receive any further emails from VM. 🙂
This is the new Hackertarget scan, I’ve re added the PS5 to DMZ:
Starting Nmap 7.40 ( https://nmap.org ) at 2022-12-11 14:56 UTC Nmap scan report for Host is up (0.11s latency). PORT STATE SERVICE 53/udp closed domain 69/udp closed tftp 123/udp closed ntp 161/udp closed snmp 1900/udp closed upnp 5353/udp open|filtered zeroconf 11211/udp closed memcache
Thanks but I don’t have Spotify installed.
