Open mDNS Servers Report

classic Classic list List threaded Threaded
11 messages Options
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Open mDNS Servers Report

Steffan Noord
|Hello,

Im using pdns for al my dns
Suddenly im getting a report from shadowserver.org for open mDNS server
But I dont understand the report

I was running

pdns.x86_64
3.4.7-1.el7
Now updated to
pdns.x86_64
3.4.7-2.el7

Any idees what this is?


_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Thiago Farina


On Thu, Feb 18, 2016 at 7:56 AM, Steffan Noord <[hidden email]> wrote:
|Hello,

Im using pdns for al my dns
Suddenly im getting a report from shadowserver.org for open mDNS server
But I dont understand the report

What the report says? Could you paste it here?

-- 
Thiago Farina

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Steffan Noord

Attatched is the report

 

Van: Thiago Farina [mailto:[hidden email]]
Verzonden: vrijdag 19 februari 2016 15:44
Aan: Steffan Noord <[hidden email]>
CC: [hidden email]
Onderwerp: Re: [Pdns-users] Open mDNS Servers Report

 

 

 

On Thu, Feb 18, 2016 at 7:56 AM, Steffan Noord <[hidden email]> wrote:

|Hello,

Im using pdns for al my dns
Suddenly im getting a report from shadowserver.org for open mDNS server
But I dont understand the report

What the report says? Could you paste it here?

 

-- 

Thiago Farina


_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

2016-02-20-scan_mdns.csv (696 bytes) Download Attachment
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Peter van Dijk
Steffan,

can you see (via ss or netstat or sockstat etc.) what process is
listening on port 5353?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

On 21 Feb 2016, at 11:17, Steffan Noord wrote:

> Attatched is the report
>
>
>
> Van: Thiago Farina [mailto:[hidden email]]
> Verzonden: vrijdag 19 februari 2016 15:44
> Aan: Steffan Noord <[hidden email]>
> CC: [hidden email]
> Onderwerp: Re: [Pdns-users] Open mDNS Servers Report
>
>
>
>
>
>
>
> On Thu, Feb 18, 2016 at 7:56 AM, Steffan Noord <[hidden email]
> <mailto:[hidden email]> > wrote:
>
> |Hello,
>
> Im using pdns for al my dns
> Suddenly im getting a report from shadowserver.org
> <http://shadowserver.org>  for open mDNS server
> But I dont understand the report
>
> What the report says? Could you paste it here?
>
>
>
> --
>
> Thiago Farina
>
> _______________________________________________
> Pdns-users mailing list
> [hidden email]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Leen Besselink
On 2016-02-21 14:00, Peter van Dijk wrote:
> Steffan,
>
> can you see (via ss or netstat or sockstat etc.) what process is
> listening on port 5353?
>

The command you are looking for is probably:
netstat -nap | grep :5353

With the process name and process ID in the last column.

My guess is it's the Avahi (daemon) for Multicast DNS.

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Steffan Noord
In reply to this post by Peter van Dijk
That is the strange thing
I cant make a telnet connection to 5353

Lsof and netstat reports nothing on that port

Steffan

-----Oorspronkelijk bericht-----
Van: Pdns-users [mailto:[hidden email]] Namens Peter van Dijk
Verzonden: zondag 21 februari 2016 14:00
Aan: pdns-users Users
Onderwerp: Re: [Pdns-users] Open mDNS Servers Report

Steffan,

can you see (via ss or netstat or sockstat etc.) what process is listening on port 5353?

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

On 21 Feb 2016, at 11:17, Steffan Noord wrote:

> Attatched is the report
>
>
>
> Van: Thiago Farina [mailto:[hidden email]]
> Verzonden: vrijdag 19 februari 2016 15:44
> Aan: Steffan Noord <[hidden email]>
> CC: [hidden email]
> Onderwerp: Re: [Pdns-users] Open mDNS Servers Report
>
>
>
>
>
>
>
> On Thu, Feb 18, 2016 at 7:56 AM, Steffan Noord <[hidden email]
> <mailto:[hidden email]> > wrote:
>
> |Hello,
>
> Im using pdns for al my dns
> Suddenly im getting a report from shadowserver.org
> <http://shadowserver.org>  for open mDNS server But I dont understand
> the report
>
> What the report says? Could you paste it here?
>
>
>
> --
>
> Thiago Farina
>
> _______________________________________________
> Pdns-users mailing list
> [hidden email]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Peter van Dijk
It is likely the report is about UDP, not TCP. Please be aware that UDP
sockets do not say ‘LISTEN’ in netstat.

If you really can find nothing on that port, and also no iptables
mappings that might make something available on that port, consider the
possibility that the report is bogus.

Kind regards,
--
Peter van Dijk
PowerDNS.COM BV - https://www.powerdns.com/

On 21 Feb 2016, at 14:11, Steffan Noord wrote:

> That is the strange thing
> I cant make a telnet connection to 5353
>
> Lsof and netstat reports nothing on that port
>
> Steffan
>
> -----Oorspronkelijk bericht-----
> Van: Pdns-users [mailto:[hidden email]]
> Namens Peter van Dijk
> Verzonden: zondag 21 februari 2016 14:00
> Aan: pdns-users Users
> Onderwerp: Re: [Pdns-users] Open mDNS Servers Report
>
> Steffan,
>
> can you see (via ss or netstat or sockstat etc.) what process is
> listening on port 5353?
>
> Kind regards,
> --
> Peter van Dijk
> PowerDNS.COM BV - https://www.powerdns.com/
>
> On 21 Feb 2016, at 11:17, Steffan Noord wrote:
>
>> Attatched is the report
>>
>>
>>
>> Van: Thiago Farina [mailto:[hidden email]]
>> Verzonden: vrijdag 19 februari 2016 15:44
>> Aan: Steffan Noord <[hidden email]>
>> CC: [hidden email]
>> Onderwerp: Re: [Pdns-users] Open mDNS Servers Report
>>
>>
>>
>>
>>
>>
>>
>> On Thu, Feb 18, 2016 at 7:56 AM, Steffan Noord
>> <[hidden email]
>> <mailto:[hidden email]> > wrote:
>>
>> |Hello,
>>
>> Im using pdns for al my dns
>> Suddenly im getting a report from shadowserver.org
>> <http://shadowserver.org>  for open mDNS server But I dont understand
>> the report
>>
>> What the report says? Could you paste it here?
>>
>>
>>
>> --
>>
>> Thiago Farina
>>
>> _______________________________________________
>> Pdns-users mailing list
>> [hidden email]
>> http://mailman.powerdns.com/mailman/listinfo/pdns-users
> _______________________________________________
> Pdns-users mailing list
> [hidden email]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
>
> _______________________________________________
> Pdns-users mailing list
> [hidden email]
> http://mailman.powerdns.com/mailman/listinfo/pdns-users
_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Leen Besselink
In reply to this post by Steffan Noord
On 2016-02-21 14:11, Steffan Noord wrote:
> That is the strange thing
> I cant make a telnet connection to 5353
>
> Lsof and netstat reports nothing on that port
>
> Steffan
>

If it's the Multicast DNS I mentioned in the other e-mail it is UDP,
not TCP. So telnet won't work.


_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Steffan Noord
[root@ns3 /]# netstat -nap | grep :5353
[root@ns3 /]#

I See avahi on this server.
But I didn’t install it ( I think)
Do I need it ?
-----Oorspronkelijk bericht-----
Van: Pdns-users [mailto:[hidden email]] Namens [hidden email]
Verzonden: zondag 21 februari 2016 14:14
Aan: [hidden email]
Onderwerp: Re: [Pdns-users] Open mDNS Servers Report

On 2016-02-21 14:11, Steffan Noord wrote:
> That is the strange thing
> I cant make a telnet connection to 5353
>
> Lsof and netstat reports nothing on that port
>
> Steffan
>

If it's the Multicast DNS I mentioned in the other e-mail it is UDP, not TCP. So telnet won't work.


_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Leen Besselink
On 2016-02-21 14:41, Steffan Noord wrote:
> [root@ns3 /]# netstat -nap | grep :5353

Strange that you get the report, but nothing is listening.

> [root@ns3 /]#
>
> I See avahi on this server.
> But I didn’t install it ( I think)
> Do I need it ?

If it's a server, normally no.

It's used to find hosts on the local network (multicast DNS service
discovery).
Like: Apple Zeroconf/Bonjour or DLNA for discovery of things like
iTunes or other music/video playback devices.
Or discovery of printers.

Is it running ?

> -----Oorspronkelijk bericht-----
> Van: Pdns-users [mailto:[hidden email]]
> Namens [hidden email]
> Verzonden: zondag 21 februari 2016 14:14
> Aan: [hidden email]
> Onderwerp: Re: [Pdns-users] Open mDNS Servers Report
>
> On 2016-02-21 14:11, Steffan Noord wrote:
>> That is the strange thing
>> I cant make a telnet connection to 5353
>>
>> Lsof and netstat reports nothing on that port
>>
>> Steffan
>>
>
> If it's the Multicast DNS I mentioned in the other e-mail it is UDP,
> not TCP. So telnet won't work.
>
_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Open mDNS Servers Report

Steffan Noord
It was not running now.  But that ws after I rebooted it.
There ware a lot of zombie processes so I rebooted this vps
I removed avahi.  And see if the report stays away :-)

Thanxs

Steffan


-----Oorspronkelijk bericht-----
Van: Pdns-users [mailto:[hidden email]] Namens [hidden email]
Verzonden: zondag 21 februari 2016 15:00
Aan: [hidden email]
Onderwerp: Re: [Pdns-users] Open mDNS Servers Report

On 2016-02-21 14:41, Steffan Noord wrote:
> [root@ns3 /]# netstat -nap | grep :5353

Strange that you get the report, but nothing is listening.

> [root@ns3 /]#
>
> I See avahi on this server.
> But I didn’t install it ( I think)
> Do I need it ?

If it's a server, normally no.

It's used to find hosts on the local network (multicast DNS service discovery).
Like: Apple Zeroconf/Bonjour or DLNA for discovery of things like iTunes or other music/video playback devices.
Or discovery of printers.

Is it running ?

> -----Oorspronkelijk bericht-----
> Van: Pdns-users [mailto:[hidden email]]
> Namens [hidden email]
> Verzonden: zondag 21 februari 2016 14:14
> Aan: [hidden email]
> Onderwerp: Re: [Pdns-users] Open mDNS Servers Report
>
> On 2016-02-21 14:11, Steffan Noord wrote:
>> That is the strange thing
>> I cant make a telnet connection to 5353
>>
>> Lsof and netstat reports nothing on that port
>>
>> Steffan
>>
>
> If it's the Multicast DNS I mentioned in the other e-mail it is UDP,
> not TCP. So telnet won't work.
>
_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users

_______________________________________________
Pdns-users mailing list
[hidden email]
http://mailman.powerdns.com/mailman/listinfo/pdns-users
Loading...