Menu
Reply
inkx27
  • 14
  • 0
  • 0
On our wavelength
1,442 Views
Message 51 of 55
Flag for a moderator

Re: mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ

Thanks for clarifying. It all makes sense now. For now I have just used option 1 and forwarded 5353 to an un used ip address. Hopefully this resolves the matter otherwise I will go for option 2 to specifically forward ps4 5353 incomings to a higher port number. 

Thanks again. 

Best,

V

0 Kudos
Reply
DJ-Daz
  • 3
  • 0
  • 0
Tuning in
90 Views
Message 52 of 55
Flag for a moderator

Re: mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ

I have just received my second email, so I asked https://shadowserver.org to look into it for me.

They were pretty quick with the reply.

The report doesn't give a whole lot of identifying information, but rather only says "_spotify-connect._tcp.local.".

So, I can at least tell you that Spotify is the culprit, but I can't tell you /what/ device the Spotify service is running on.

Hope this helps,

So it's spotify, ironically spotify is run and partially owned by Daniel Ek. Who also ran Napster and  μTorrent, so no surprise when I discovered that Spotify caches songs locally and also streams them to other users. It's partially decentralised. Hence port 5353 mDNS.

Tags (2)
0 Kudos
Reply
用心棒
  • 7.9K
  • 878
  • 2.63K
Very Insightful Person
Very Insightful Person
72 Views
Message 53 of 55
Flag for a moderator

Re: mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ

Did you try the port forwarding solution discussed earlier in this thread?

0 Kudos
Reply
DJ-Daz
  • 3
  • 0
  • 0
Tuning in
45 Views
Message 54 of 55
Flag for a moderator

Re: mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ

I have, I've also deleted Spotify, I don't use it anyway.

5353 routed to .253

Hopefully that will stop any more emails.

0 Kudos
Reply
ravenstar68
  • 19.65K
  • 1.16K
  • 8.67K
Very Insightful Person
Very Insightful Person
34 Views
Message 55 of 55
Flag for a moderator

Re: mDNS and SSDP vulnerabilities a suggestion for devices in the DMZ

In the past we've found the Culprit to be the Spotify service on things like PS4 rather than PC

If you want to check you can download BIND and install just the tools - Which includes DIG

Once installed you can use DIG to find out which device the service is running on,

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply