Open mDNS Scanning Project

Source: https://mdns.shadowserver.org/

If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).

The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.

These devices have the potential to be used in UDP amplification attacks, in addition to disclosing large amounts of information about the system. We would like to see these services made unavailable to miscreants who would misuse these resources.

Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.

Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.

Methodology

We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a DNS query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp.local" services are being advertised, we follow up with queries to those services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org.

If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.
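The following added example, which is not Shadowserver's code, builds the same PTR query that the dig command sends, parses the advertised service types out of a reply, and reports the reply-to-query size ratio that makes an open responder useful for amplification. The function names, the "_ssh._tcp.local" entry and the sample reply are constructed for illustration.

```python
import struct

QNAME = "_services._dns-sd._udp.local"
FLAGGED = {"_workstation._tcp.local", "_http._tcp.local"}  # followed up by the scan

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_query(txid=0x1234):
    # 12-byte header (one question), then QNAME, QTYPE=PTR (12), QCLASS=IN (1)
    return struct.pack(">6H", txid, 0, 1, 0, 0, 0) + encode_name(QNAME) + struct.pack(">HH", 12, 1)

def read_name(msg, off):  # returns (name, offset past it), following compression
    labels, end = [], None
    for _ in range(128):                  # bounded: malformed replies can loop
        n = msg[off]
        if n & 0xC0 == 0xC0:              # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("compression loop or oversized name")

def parse_services(msg):  # service types named in the reply's PTR answers
    qd, an = struct.unpack(">HH", msg[4:8])
    off, services = 12, []
    for _ in range(qd):                   # skip echoed questions
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, rdlen = struct.unpack(">H6xH", msg[off:off + 10])
        if rtype == 12:                   # PTR: RDATA is the advertised service name
            services.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return services

def assess(query, reply):
    # (flagged services present, reply size / query size)
    svcs = parse_services(reply)
    return sorted(FLAGGED & set(svcs)), round(len(reply) / len(query), 2)

def sample_reply():
    # Constructed reply (not captured traffic): echoed question + three PTR answers
    names = ("_http._tcp.local", "_ssh._tcp.local", "_workstation._tcp.local")
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 12, 1, 10, len(r)) + r
                   for r in map(encode_name, names))
    return struct.pack(">6H", 0x1234, 0x8400, 1, 3, 0, 0) + build_query()[12:] + rrs
```

To check a device you own, send the bytes from build_query() to its port 5353/udp from outside your network and pass whatever comes back to assess(); no reply at all is the desired result.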

Whitelisting

To be removed from this set of scanning, you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDRs that you would like to have removed. You will have to be the verifiable owner of these CIDRs and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html

Useful Links

  • Blog Summary: http://blog.shadowserver.org/2014/03/28/the-scannings-will-continue-until-the-internet-improves/
  • Get reports on your network: https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
  • Current Whitelist: https://mdns.shadowserver.org/exclude.html

Scan Status

The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.

Statistics on current run

763,855 distinct IPs responded to our mDNS query.

Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.

Top 20 Countries With mDNS Accessible

Country               Total
South Africa          260,299
United States         109,935
Korea, Republic of    45,438
China                 44,335
Hong Kong             31,917
France                27,609
Taiwan                21,223
Japan                 21,099
Germany               18,376
Italy                 14,397
Canada                14,352
Netherlands           12,987
United Kingdom        12,839
Brazil                10,355
Russian Federation    9,874
Poland                7,196
Spain                 7,043
Sweden                6,191
Belgium               5,567
India                 4,509

Top 20 ASNs With mDNS Accessible

ASN        AS Name             Country   Total
AS37353    MacroLAN,           ZA        258,984
AS4766     KIXS-AS             KR        18,417
AS9318     SKB                 KR        14,450
AS7922     COMCAST-7922        US        12,489
AS9304     HUTCHISON-AS        HK        11,214
AS4134     CHINANET            CN        10,847
AS3462     HINET               TW        10,527
AS14061    DIGITALOCEAN-ASN    US        9,824
AS16276    OVH,                FR        9,788
AS36351    SOFTLAYER           US        8,625
AS3215     AS3215,             FR        8,309
AS3269     ASN                 IT        7,850
AS63949    LINODE              US        7,589
AS9269     HKBN-AS             HK        6,793
AS4760     HKTIMS              HK        5,854
AS1659     ERX-TANET           TW        5,532
AS4837     CHINA169            CN        5,075
AS7018     ATT-INTERNET4       US        4,811
AS18116    HGC-AS              HK        4,679
AS12322    PROXAD,             FR        4,212

Figures (images not included): All mDNS Responses; Hosts with _workstation._tcp.local Exposed; Hosts with _http._tcp.local Exposed.

Reposted from: https://www.cnblogs.com/bonelee/p/7567310.html
