Sorry to resurrect this one again, but I am on my third letter from VM regarding the mDNS vulnerability.
I run a webserver with a personal cloud, Pi-hole with recursive DNS (personal DNS server; this is NOT open to the public, only inside the LAN), SSH, OpenVPN and a media server etc. At the moment I have 80 and 443 open (for web and OpenVPN, using the port-share option) and the SSH port, which is not on 22, 53 or 5353. I also have a PS4 Pro in the DMZ, hence my interest in this thread and the responses. I also have UPnP disabled.
So I have run exhaustive full port scans on my Virgin IP, my website and the internal LAN. From the outside world, 5353 is blocked and the only ones open are the ones mentioned above and some FTP ones.
Having read the 5 pages of this thread, there appear to be two solutions here.
1) Create port-forwarding rules for 5353 and 1900 and send them to an unused IP so they get dumped.
2) Find out which device is allowing mDNS, for which I guess I will need the report from ShadowServer or to run more scans from the outside world to check which device is responding, and then create a port forward for the incoming 5353 and 1900 to a higher port number so they can be dropped.
At the moment I am considering using point 1 above and seeing if this stops the VM emails; if not, I will go down the route of point 2.
Do you guys generally agree this is the best way forward?
Thanks
V
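The "scan from the outside world" step in point 2 above comes down to one question: does the public IP answer an mDNS service-enumeration query on UDP/5353? A plain TCP port scan will not tell you that, and a UDP scan that reports "open|filtered" is not a real answer either. The script below is an added example, not from the poster or from this thread; it sends the DNS-SD `_services._dns-sd._udp.local` PTR query with the standard library only and prints whatever records come back. It assumes the target address is passed on the command line from a host outside the LAN (from inside, mDNS is multicast and the test means nothing). The `build_sample_response()` packet is constructed for offline testing and is not a real capture. A reply means something behind that IP is answering mDNS, which is exactly what the ShadowServer report is about; a timeout means only that nothing answered this one packet, so treat it as "probably filtered", not as proof the problem is gone.

```python
"""Probe one host for an mDNS responder on UDP/5353 (stdlib only)."""
import socket
import struct
import sys

MDNS_PORT = 5353
PTR = 12
SERVICE_ENUM = "_services._dns-sd._udp.local"  # DNS-SD "list all service types"


def encode_name(name):
    """DNS wire format: length-prefixed labels, terminated by a zero byte."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name=SERVICE_ENUM, txid=0):
    """Standard PTR query; mDNS uses transaction id 0 and no RD bit."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", PTR, 1)


def decode_name(data, offset):
    """Decode a possibly-compressed name; return (name, offset after it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = data[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer into the packet
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii", "replace"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_response(data):
    """Return [(owner, rtype, rdata)] for every record in a DNS/mDNS response."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        return []  # QR bit clear: this is a query, not a response
    offset = 12
    for _ in range(qd):  # skip the question section
        _, offset = decode_name(data, offset)
        offset += 4
    records = []
    for _ in range(an + ns + ar):
        owner, offset = decode_name(data, offset)
        rtype, _, _, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        if rtype == PTR:  # PTR rdata is itself a name, possibly compressed
            rdata, _ = decode_name(data, offset)
        offset += rdlen
        records.append((owner, rtype, rdata))
    return records


def probe(host, timeout=2.0):
    """Send one enumeration query; None on timeout (filtered or nothing listening)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(), (host, MDNS_PORT))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return None
    finally:
        sock.close()
    return parse_response(data)


def build_sample_response():
    """Constructed response (not a real capture) for offline testing:
    one PTR answer for _http._tcp.local whose rdata ends in a compression
    pointer to offset 35 (the 'local' label of the owner name), as real
    responders do."""
    header = struct.pack("!HHHHHH", 0, 0x8400, 0, 1, 0, 0)
    owner = encode_name(SERVICE_ENUM)           # occupies offsets 12..41
    rdata = b"\x05_http\x04_tcp\xc0\x23"        # 0xC023 -> pointer to offset 35
    return header + owner + struct.pack("!HHIH", PTR, 0x8001, 4500, len(rdata)) + rdata


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    result = probe(target) if target else parse_response(build_sample_response())
    if result is None:
        print("no mDNS reply (filtered, or nothing listening)")
    else:
        for owner, rtype, rdata in result:
            print(f"{owner} type={rtype} -> {rdata}")
```

Run it as `python3 mdns_probe.py <public-ip>` from outside the LAN; with no argument it parses the constructed sample packet so you can see the output format. If the real probe prints service types such as `_http._tcp.local` or `_spotify-connect._tcp.local`, the device answering is the one to track down (a console in the DMZ is a likely candidate, since the DMZ forwards every unsolicited inbound port to it), and the port-forward-to-nowhere rule in point 1 can be re-tested the same way afterwards.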