可以通过shadowserver来查看开放的mdns(用以反射放大攻击)——中国的在 https://mdns.shadowserver.org/workstation/index.html...
Open mDNS Scanning Project
来自:https://mdns.shadowserver.org/
If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).
The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.
These devices have the potential to be used in UDP amplification attacks in addition to disclosing large amounts of information about the system and we would like to see these services made un-available to miscreants that would misuse these resources.
Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.
Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.
Methodology
We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a dns query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp_local" services are being advertised, we follow up with queries to services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org
If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.
Whitelisting
To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDR's that you would like to have removed. You will have to be the verifiable owner of these CIDR's and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html
Useful Links
- Blog Summary: http://blog.shadowserver.org/2014/03/28/the-scannings-will-continue-until-the-internet-improves/
- Get reports on your network: https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
- Current Whitelist: https://mdns.shadowserver.org/exclude.html
Scan Status
The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.
Statistics on current run
763,855 distinct IPs responded to our mDNS query.
Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.
Top 20 Countries With mDNS Accessible
Country | Total |
---|---|
South Africa | 260,299 |
United States | 109,935 |
Korea, Republic of | 45,438 |
China | 44,335 |
Hong Kong | 31,917 |
France | 27,609 |
Taiwan | 21,223 |
Japan | 21,099 |
Germany | 18,376 |
Italy | 14,397 |
Canada | 14,352 |
Netherlands | 12,987 |
United Kingdom | 12,839 |
Brazil | 10,355 |
Russian Federation | 9,874 |
Poland | 7,196 |
Spain | 7,043 |
Sweden | 6,191 |
Belgium | 5,567 |
India | 4,509 |
Top 20 ASNs With mDNS Accessible
ASN | AS Name | Country | Total |
---|---|---|---|
AS37353 | MacroLAN, | ZA | 258,984 |
AS4766 | KIXS-AS | KR | 18,417 |
AS9318 | SKB | KR | 14,450 |
AS7922 | COMCAST-7922 | US | 12,489 |
AS9304 | HUTCHISON-AS | HK | 11,214 |
AS4134 | CHINANET | CN | 10,847 |
AS3462 | HINET | TW | 10,527 |
AS14061 | DIGITALOCEAN-ASN | US | 9,824 |
AS16276 | OVH, | FR | 9,788 |
AS36351 | SOFTLAYER | US | 8,625 |
AS3215 | AS3215, | FR | 8,309 |
AS3269 | ASN | IT | 7,850 |
AS63949 | LINODE | US | 7,589 |
AS9269 | HKBN-AS | HK | 6,793 |
AS4760 | HKTIMS | HK | 5,854 |
AS1659 | ERX-TANET | TW | 5,532 |
AS4837 | CHINA169 | CN | 5,075 |
AS7018 | ATT-INTERNET4 | US | 4,811 |
AS18116 | HGC-AS | HK | 4,679 |
AS12322 | PROXAD, | FR | 4,212 |
All mDNS Responses
(Click image to enlarge)
If you would like to see more regions click here
Hosts with _workstation._tcp.local Exposed
(Click image to enlarge)
If you would like to see more regions click here
Hosts with _http._tcp.local Exposed
(Click image to enlarge)
If you would like to see more regions click here
All mDNS Responses
(Click image to enlarge)
Hosts with _workstation._tcp.local Exposed
(Click image to enlarge)
Hosts with _http._tcp.local Exposed
(Click image to enlarge)
转载于:https://www.cnblogs.com/bonelee/p/7567310.html
可以通过shadowserver来查看开放的mdns(用以反射放大攻击)——中国的在 https://mdns.shadowserver.org/workstation/index.html...相关推荐
- linux(2):linux命令查看开放哪些端口
linux命令查看开放哪些端口 netstat -nupl (UDP类型的端口) netstat -ntpl (TCP类型的端口) a 表示所有 n表示不查询dns t表示tcp协议 u表示udp协议 ...
- CentOS7查看开放端口命令
CentOS7查看开放端口命令 CentOS7的开放关闭查看端口都是用防火墙来控制的,具体命令如下: 查看已经开放的端口: Linux代码 firewall-cmd --list-ports 开启 ...
- linux 查看开放的端口以及开放端口并且永久开放端口的方法
查看指定端口是否被占用,有输出则被占用,无输出则未占用 sudo lsof -i:8097 查看开放的端口 netstat -nupl 查看udp协议的端口号 netstat -ntpl 查看tcp协 ...
- CentOS7查看开放端口命令、查看端口占用情况和开启端口命令、杀掉进程
文章目录 一.CentOS7查看开放端口命令 查看已经开放的端口 开启端口 命令含义 重启防火墙 停止firewall 禁止firewall开机启动 二.Centos查看端口占用情况和开启端口命令 列 ...
- 虚拟机安装fastdfs之后,java客户端连接超时问题,查看开放端口
虚拟机安装fastdfs之后,java客户端连接超时问题 java.net.SocketTimeoutException: connect timed out 报错信息显示是连接超时,因为fastdf ...
- MDNS的漏洞报告——mdns的最大问题是允许广域网的mdns单播查询,这会暴露设备信息,或者被利用用于dns放大攻击...
Vulnerability Note VU#550620 Multicast DNS (mDNS) implementations may respond to unicast queries ori ...
- jQuery仿QQ空间图片查看特效(全屏,放大,缩小,旋转,镜像,鼠标滚轮缩放)
分享一下我老师大神的人工智能教程!零基础,通俗易懂!http://blog.csdn.net/jiangjunshow 也欢迎大家转载本篇文章.分享知识,造福人民,实现我们中华民族伟大复兴! 地址:h ...
- Centos7 防火墙开放端口,查看状态,查看开放端口
查看状态 systemctl status firewalld 查看已开放端口 firewall-cmd --list-all 开放端口 firewall-cmd --zone=public --ad ...
- centos7查看当前端口_Centos7 防火墙开放端口,查看状态,查看开放端口
CentOS7 端口的开放关闭查看都是用防火墙来控制的,具体命令如下: 查看防火墙状态:(active (running) 即是开启状态) [root@WSS bin]# systemctl fire ...
最新文章
- IPCC气候变暖最新报告:不要眼见,要“远见”
- 谈谈WPF中的CollectionView与CollectionViewSource
- QT小例子 ---文件查找
- 【攻防世界004】dmd-50
- 05.序列模型 W2.自然语言处理与词嵌入(作业:词向量+Emoji表情生成)
- 【Flink】java.lang.NumberFormatException: Not a version: 9
- Python 中非常狗的一个坑(在 `a={1:2},`后面多了一个逗号,自动被判为 tuple 类型了)
- CIKERS Shane 20190603
- julia 与并行计算(部分有参考和转载)
- 生成api接口文档的故事
- 大数据分析案例-用RFM模型对客户价值分析(聚类)
- 记一次 “HTTP 405 Method Not Allowed”的解决方法
- ios学习路线图_iOS开发学习路线 +技巧整理
- 微信小程序功能:商品收藏-图片预览-客服-分享-加入购物车
- 【论文写作】英文写作动词的时态
- java word模版填充_java向word模板中填充数据(总结)
- HTML显示默认图片实现
- xDM Land Patterns 封装工具使用笔记
- emg采集精度_EMG
- 计算机策略更新失败用户策略更新失败,升级更新win10遇到错误代码8024000B的两种解决办法...
热门文章
- python mysql安装
- 九、序列参数集Sequence Paramater Set(SPS)解析
- c 语言三种正规循环,C语言复习题库
- 手机python代码阅读_教你阅读Python开源项目代码!
- 与aspect长得像的单词_长相差不多的单词,你能一眼识别吗?
- opencv 图像识别 e语言_openCV-特征点匹配算法介绍一:理解特征
- hive编程指南电子版_第三篇|Spark SQL编程指南
- d3h 技嘉b365m 黑苹果_黑苹果macOS10.15.4单硬盘三系统安装教程
- MATLAB的图像文件怎么标字母,用matlab对图片进行字符识别,只要能识别字母就行…十万火急!!请各位大侠们多多帮忙…...
- console.log(text)打印不出来的值,用console.log(text.length)却打印出来长度为1?