Open mDNS Scanning Project

Source: https://mdns.shadowserver.org/

If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).

The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.

These devices have the potential to be used in UDP amplification attacks, and they also disclose large amounts of information about the system. We would like to see these services made unavailable to miscreants who would misuse these resources.

Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.

Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.

Methodology

We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a DNS query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp.local" services are being advertised, we follow up with queries to those services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org.

If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.

Whitelisting

To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDRs that you would like to have removed. You will have to be the verifiable owner of these CIDRs and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html

Scan Status

The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.

Statistics on current run

763,855 distinct IPs responded to our mDNS query.

Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.

Top 20 Countries With mDNS Accessible

Country                 Total
South Africa            260,299
United States           109,935
Korea, Republic of       45,438
China                    44,335
Hong Kong                31,917
France                   27,609
Taiwan                   21,223
Japan                    21,099
Germany                  18,376
Italy                    14,397
Canada                   14,352
Netherlands              12,987
United Kingdom           12,839
Brazil                   10,355
Russian Federation        9,874
Poland                    7,196
Spain                     7,043
Sweden                    6,191
Belgium                   5,567
India                     4,509

Top 20 ASNs With mDNS Accessible

ASN       AS Name            Country  Total
AS37353   MacroLAN,          ZA       258,984
AS4766    KIXS-AS            KR        18,417
AS9318    SKB                KR        14,450
AS7922    COMCAST-7922       US        12,489
AS9304    HUTCHISON-AS       HK        11,214
AS4134    CHINANET           CN        10,847
AS3462    HINET              TW        10,527
AS14061   DIGITALOCEAN-ASN   US         9,824
AS16276   OVH,               FR         9,788
AS36351   SOFTLAYER          US         8,625
AS3215    AS3215,            FR         8,309
AS3269    ASN                IT         7,850
AS63949   LINODE             US         7,589
AS9269    HKBN-AS            HK         6,793
AS4760    HKTIMS             HK         5,854
AS1659    ERX-TANET          TW         5,532
AS4837    CHINA169           CN         5,075
AS7018    ATT-INTERNET4      US         4,811
AS18116   HGC-AS             HK         4,679
AS12322   PROXAD,            FR         4,212

[Figures: All mDNS Responses; Hosts with _workstation._tcp.local Exposed; Hosts with _http._tcp.local Exposed]
