on 08-12-2022 14:41
Hi, I’ve received several email concerning a multicast dns error:
We have been alerted on four separate occasions that a device connected to your home network has been identified as having a potential Multicast DNS vulnerability.
Multicast DNS is commonly used to share music and video streaming services between devices on your home network. When exposed to the wider Internet, it can be misused by 3rd parties in order to commit abuse.
I have reset my PC’s firewall & blocked the recommended port but I still receive the email. The IP address is Virginmedia & doesn’t seem to point to a specific device.
Nothing has changed. None of my other devices have a firewall so I cannot block those.
I don’t share music or stream from the PC but do use bluetooth speakers.
I checked on how to add the port to the router’s firewall but this doesn’t seem to be possible.
Thanks,
Answered! Go to Answer
on 11-12-2022 14:19
Try the following:
08-12-2022 18:27 - edited 08-12-2022 18:29
I have added my PS5 to DMZ as it would not connect to Residentevil.net.
Hackertarget.com:
Starting Nmap 7.40 ( https://nmap.org ) at 2022-12-08 18:24 UTC Nmap scan report for Host is up (0.11s latency). PORT STATE SERVICE 53/udp closed domain 69/udp closed tftp 123/udp closed ntp 161/udp closed snmp 1900/udp closed upnp 5353/udp open zeroconf 11211/udp closed memcache Nmap done: 1 IP address (1 host up) scanned in 1.56 seconds
If I disable DMZ:
Starting Nmap 7.40 ( https://nmap.org ) at 2022-12-08 18:28 UTC Nmap scan report for Host is up (0.10s latency). PORT STATE SERVICE 53/udp open|filtered domain 69/udp open|filtered tftp 123/udp open|filtered ntp 161/udp closed snmp 1900/udp open|filtered upnp 5353/udp open|filtered zeroconf 11211/udp open|filtered memcache Nmap done: 1 IP address (1 host up) scanned in 2.36 seconds
on 08-12-2022 18:37
I can only suggest this previously "sticky" post as a place to start seeking a resolution:
on 08-12-2022 18:50
on 11-12-2022 13:13
Which router are you using?
--
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer and solved, or use Kudos to say thanks
on 11-12-2022 13:33
on 11-12-2022 14:19
Try the following:
11-12-2022 14:50 - edited 11-12-2022 14:58
Thank you, hopefully I’ll not receive any further emails from VM. 🙂
This is the new Hackertarget scan, I’ve re added the PS5 to DMZ:
Starting Nmap 7.40 ( https://nmap.org ) at 2022-12-11 14:56 UTC Nmap scan report for Host is up (0.11s latency). PORT STATE SERVICE 53/udp closed domain 69/udp closed tftp 123/udp closed ntp 161/udp closed snmp 1900/udp closed upnp 5353/udp open|filtered zeroconf 11211/udp closed memcache
on 20-01-2023 18:33
I've contacted shadowserver.org to ask about mDNS on my IP, and it's Spotify.
The report doesn't give a whole lot of identifying information, but rather only says "_spotify-connect._tcp.local.". So, I can at least tell you that Spotify is the culprit, but I can't tell you /what/ device the Spotify service is running on. Hope this helps,
So at least I know there's no intrusion.
on 21-01-2023 20:00