You can use Shadowserver to see open mDNS services (usable for reflection amplification attacks); the data for China is at https://mdns.shadowserver.org/workstation/index.html


The Shadowserver Foundation

Open mDNS Scanning Project

Source: https://mdns.shadowserver.org/

If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).

The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.

These devices have the potential to be used in UDP amplification attacks, in addition to disclosing large amounts of information about the system, and we would like to see these services made unavailable to miscreants who would misuse these resources.

Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.

Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.

Methodology

 

We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a DNS query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp.local" services are being advertised, we follow up with queries to those services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org.

If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.
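The check described above, as an added example (not code from Shadowserver or the original post): it builds the same PTR query that dig sends, decodes the ANSWER section of a reply including DNS name compression, flags the two services the methodology follows up on, and reports the reply-to-query size ratio at the DNS payload level. The function names and the reply bytes are constructed for illustration; in practice the reply would come from a packet capture of your own device answering the dig command.

```python
import struct

QNAME = "_services._dns-sd._udp.local"           # enumeration name from the methodology
FLAGGED = {"_workstation._tcp.local", "_http._tcp.local"}

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_query(txid=0x1234):                    # header + QNAME + QTYPE=PTR(12) + QCLASS=IN(1)
    return struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0) + encode_name(QNAME) + struct.pack(">HH", 12, 1)

def read_name(msg, off):                         # possibly compressed name -> (name, next offset)
    labels, end = [], None
    for _ in range(128):                         # bound guards against pointer loops
        n = msg[off]
        if n & 0xC0 == 0xC0:                     # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def parse_services(msg):                         # PTR targets in the ANSWER section
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, services = 12, []
    for _ in range(qd):                          # skip echoed questions
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 12:
            services.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return services

def assess(query, reply):
    services = parse_services(reply)
    return {"services": services, "flagged": sorted(FLAGGED & set(services)),
            "amplification": round(len(reply) / len(query), 2)}

def sample_reply(query):
    # Constructed reply, not a capture: three PTR answers compressed against the question.
    rrs = b""
    for svc in ("_workstation._tcp", "_http._tcp", "_ssh._tcp"):
        rdata = encode_name(svc)[:-1] + b"\xc0\x23"      # pointer to "local" at offset 35
        rrs += b"\xc0\x0c" + struct.pack(">HHIH", 12, 1, 10, len(rdata)) + rdata
    return struct.pack(">HHHHHH", 0x1234, 0x8400, 1, 3, 0, 0) + query[12:] + rrs
```

Calling `assess(build_query(), sample_reply(build_query()))` lists the three advertised services and flags the two that the scan follows up on; a non-empty `flagged` list on an internet-facing address means 5353/udp should be filtered at the border or the responder restricted to the local link.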

Whitelisting

 

To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDRs that you would like to have removed. You will have to be the verifiable owner of these CIDRs and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html

Scan Status

 

The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.

Statistics on current run

 

763,855 distinct IPs responded to our mDNS query.

Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.

Top 20 Countries With mDNS Accessible

 

| Country | Total |
|---|---|
| South Africa | 260,299 |
| United States | 109,935 |
| Korea, Republic of | 45,438 |
| China | 44,335 |
| Hong Kong | 31,917 |
| France | 27,609 |
| Taiwan | 21,223 |
| Japan | 21,099 |
| Germany | 18,376 |
| Italy | 14,397 |
| Canada | 14,352 |
| Netherlands | 12,987 |
| United Kingdom | 12,839 |
| Brazil | 10,355 |
| Russian Federation | 9,874 |
| Poland | 7,196 |
| Spain | 7,043 |
| Sweden | 6,191 |
| Belgium | 5,567 |
| India | 4,509 |

Top 20 ASNs With mDNS Accessible

 

| ASN | AS Name | Country | Total |
|---|---|---|---|
| AS37353 | MacroLAN, | ZA | 258,984 |
| AS4766 | KIXS-AS | KR | 18,417 |
| AS9318 | SKB | KR | 14,450 |
| AS7922 | COMCAST-7922 | US | 12,489 |
| AS9304 | HUTCHISON-AS | HK | 11,214 |
| AS4134 | CHINANET | CN | 10,847 |
| AS3462 | HINET | TW | 10,527 |
| AS14061 | DIGITALOCEAN-ASN | US | 9,824 |
| AS16276 | OVH, | FR | 9,788 |
| AS36351 | SOFTLAYER | US | 8,625 |
| AS3215 | AS3215, | FR | 8,309 |
| AS3269 | ASN | IT | 7,850 |
| AS63949 | LINODE | US | 7,589 |
| AS9269 | HKBN-AS | HK | 6,793 |
| AS4760 | HKTIMS | HK | 5,854 |
| AS1659 | ERX-TANET | TW | 5,532 |
| AS4837 | CHINA169 | CN | 5,075 |
| AS7018 | ATT-INTERNET4 | US | 4,811 |
| AS18116 | HGC-AS | HK | 4,679 |
| AS12322 | PROXAD, | FR | 4,212 |

[Figure: All mDNS Responses]

[Figure: Hosts with _workstation._tcp.local Exposed]

[Figure: Hosts with _http._tcp.local Exposed]















This article is reposted from the cnblogs blog of 张昺华-sky; original link: http://www.cnblogs.com/bonelee/p/7567310.html. To repost it, please contact the original author.


