可以通过shadowserver来查看开放的mdns(用以反射放大攻击)——中国的在 https://mdns.shadowserver.org/workstation/index.html
Open mDNS Scanning Project
来自:https://mdns.shadowserver.org/
If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).
The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.
These devices have the potential to be used in UDP amplification attacks in addition to disclosing large amounts of information about the system and we would like to see these services made un-available to miscreants that would misuse these resources.
Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.
Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.
Methodology
We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a dns query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp_local" services are being advertised, we follow up with queries to services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org
If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.
Whitelisting
To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDR's that you would like to have removed. You will have to be the verifiable owner of these CIDR's and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html
Useful Links
- Blog Summary: http://blog.shadowserver.org/2014/03/28/the-scannings-will-continue-until-the-internet-improves/
- Get reports on your network: https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
- Current Whitelist: https://mdns.shadowserver.org/exclude.html
Scan Status
The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.
Statistics on current run
763,855 distinct IPs responded to our mDNS query.
Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.
Top 20 Countries With mDNS Accessible
| Country | Total |
|---|---|
| South Africa | 260,299 |
| United States | 109,935 |
| Korea, Republic of | 45,438 |
| China | 44,335 |
| Hong Kong | 31,917 |
| France | 27,609 |
| Taiwan | 21,223 |
| Japan | 21,099 |
| Germany | 18,376 |
| Italy | 14,397 |
| Canada | 14,352 |
| Netherlands | 12,987 |
| United Kingdom | 12,839 |
| Brazil | 10,355 |
| Russian Federation | 9,874 |
| Poland | 7,196 |
| Spain | 7,043 |
| Sweden | 6,191 |
| Belgium | 5,567 |
| India | 4,509 |
Top 20 ASNs With mDNS Accessible
| ASN | AS Name | Country | Total |
|---|---|---|---|
| AS37353 | MacroLAN, | ZA | 258,984 |
| AS4766 | KIXS-AS | KR | 18,417 |
| AS9318 | SKB | KR | 14,450 |
| AS7922 | COMCAST-7922 | US | 12,489 |
| AS9304 | HUTCHISON-AS | HK | 11,214 |
| AS4134 | CHINANET | CN | 10,847 |
| AS3462 | HINET | TW | 10,527 |
| AS14061 | DIGITALOCEAN-ASN | US | 9,824 |
| AS16276 | OVH, | FR | 9,788 |
| AS36351 | SOFTLAYER | US | 8,625 |
| AS3215 | AS3215, | FR | 8,309 |
| AS3269 | ASN | IT | 7,850 |
| AS63949 | LINODE | US | 7,589 |
| AS9269 | HKBN-AS | HK | 6,793 |
| AS4760 | HKTIMS | HK | 5,854 |
| AS1659 | ERX-TANET | TW | 5,532 |
| AS4837 | CHINA169 | CN | 5,075 |
| AS7018 | ATT-INTERNET4 | US | 4,811 |
| AS18116 | HGC-AS | HK | 4,679 |
| AS12322 | PROXAD, | FR | 4,212 |
Hosts with _workstation._tcp.local Exposed
(Click image to enlarge)
If you would like to see more regions click here
Hosts with _http._tcp.local Exposed
(Click image to enlarge)
If you would like to see more regions click here
All mDNS Responses
(Click image to enlarge)
Hosts with _workstation._tcp.local Exposed
(Click image to enlarge)
Hosts with _http._tcp.local Exposed
(Click image to enlarge)
可以通过shadowserver来查看开放的mdns(用以反射放大攻击)——中国的在 https://mdns.shadowserver.org/workstation/index.html的更多相关文章
- MDNS DDoS 反射放大攻击——攻击者假冒被攻击者IP向网络发送DNS请求,域名为“_services._dns-sd._udp.local”,这将引起本地网络中所有提供服务的主机都向被攻击者IP发送DNS响应,列举网络中所有服务
MDNS Reflection DDoS 2015年3月,有报告叙述了mDNS 成为反射式和放大式 DDoS 攻击中所用媒介的可能性,并详述了 mDNS 反射式攻击的原理和相应防御方式.Q3,Akam ...
- CentOS7查看开放端口命令
CentOS7查看开放端口命令 CentOS7的开放关闭查看端口都是用防火墙来控制的,具体命令如下: 查看已经开放的端口: /tcp --permanent 命令含义: –zone #作用域 –a ...
- MDNS的漏洞报告——mdns的最大问题是允许广域网的mdns单播查询,这会暴露设备信息,或者被利用用于dns放大攻击
Vulnerability Note VU#550620 Multicast DNS (mDNS) implementations may respond to unicast queries ori ...
- entOS7查看开放端口命令
CentOS7的开放关闭查看端口都是用防火墙来控制的,具体命令如下: 查看已经开放的端口: firewall-cmd --list-ports 开启端口 firewall-cmd --zone=/tc ...
- CentOS7查看开放端口命令及开放端口号
CentOS 7查看以开放端口命令:firewall-cmd —list-ports 查看端口是否开放命令:第一个方法就是使用lsof -i:端口号命令行,例如lsof -i:80.如果没有任何信息输 ...
- Centos7 防火墙开放端口,查看状态,查看开放端口
CentOS7 端口的开放关闭查看都是用防火墙来控制的,具体命令如下: 查看防火墙状态:(active (running) 即是开启状态) [root@WSS bin]# systemctl fire ...
- linux命令查看开放哪些端口
netstat -nupl (UDP类型的端口)netstat -ntpl (TCP类型的端口) a 表示所有 n表示不查询dns t表示tcp协议 u表示udp协议 p表示查询占用的程序 l表示查询 ...
- linux下查看开放的端口
Nmap是一款针对大型网络的端口扫描工具,它也适用于单机扫描,它支持很多扫描,也同时支持性能和可靠性统计. [root@localhost ~]# yum install namp [root@loc ...
- jquery图片查看插件,支持旋转、放大、缩小、拖拽、缩略图(仿qq图片查看)
最近做了一个jquery图片查看的插件,目的是能精确查看图片的详情,插件支持图片旋转.放大.缩小.拖拽.缩略图显示,界面效果是按照window的qq查看图片功能写的,当然不尽相同. 具体功能: 1. ...
随机推荐
- HDU 2865
和上题一样,但K较大,不能直接用矩阵来写.这个矩阵必定是这个形式的. 0 1 1 1 1 0 1 1 1 1 0 1 1 1 1 0 分成对角线上元素B与非对角线上元素A k: 1 2 3 4 ... ...
- leetcode第一刷_Reverse Linked List II
翻转链表绝对是终点项目,应该掌握的,这道题要求的是翻转一个区间内的节点.做法事实上非常相似,仅仅只是要注意判定開始是头的特殊情况,这样head要更新的,还有就是要把翻转之后的尾部下一个节点保存好,要么 ...
- JSP简单练习-上传文件
注意:在编写上传文件的代码时,需确保"WEB-INF/lib"下含有jspsmartupload.jar包.否则会出错. jspSmartupload.jar下载 <!-- ...
- RedHat6.5 安装OpenStack all in one-RDO方式
OpenStack是一个开源的云平台.由各个组件协同工作,安装非常复杂. RedHat有个关于Openstack的项目RDO,能够简化安装过程,可是假设真按RDO所说的三步去安装,发现安装过程中还是有 ...
- iOS 常见小问题
1. iOS 编译后上下有黑边 ? 缺少启动图片 2.Failed to instantiate the default view controller for UIMainStoryboardFil ...
- POJ 3657 并查集
题意: 思路: 1.二分+线段树(但是会TLE 本地测没有任何问题,但是POJ上就是会挂--) 2.二分+并查集 我搞了一下午+一晚上才搞出来----..(多半时间是在查错) 首先 如果我们想知道这头 ...
- SAS拆分数据集
2012年8月8日 主要是根据选取条件来进行拆分 1.根据行数来选: data test; set oldset; if _n_=10 then output; if id="001&quo ...
- 「JavaSE 重新出发」01. Java介绍
「白皮书」关键术语 简单性(C++--) 面向对象 分布式 健壮性 安全性 体系结构中立 可移植性 解释型 高性能 多线程 动态性 Java 发展历程 SUN公司--Stanford Universi ...
- python下载网页转化成pdf
最近在学习一个网站补充一下cg基础.但是前几天网站突然访问不了了,同学推荐了waybackmachine这个网站,它定期的对网络上的页面进行缓存,但是好多图片刷不出来,很憋屈.于是网站恢复访问后决定把 ...
- ActiveMQ学习笔记(16)----Message Dispatch高级特性(二)
1. Optimized Acknowledgetment ActiveMQ缺省支持批量确认消息,由于批量确认会提高性能,如果希望在应用程序中禁止经过优化的确认方式,可以采用以下几种方式: 1. 在C ...