  • Shadowserver can be used to look up openly accessible mDNS services (which can be abused for reflection/amplification attacks). The data for China is at https://mdns.shadowserver.org/workstation/index.html

    The Shadowserver Foundation

    Open mDNS Scanning Project

    Source: https://mdns.shadowserver.org/

    If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).

    The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.

    These devices have the potential to be used in UDP amplification attacks, in addition to disclosing large amounts of information about the system, and we would like to see these services made unavailable to miscreants that would misuse these resources.

    Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.

    Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.

    Methodology

    We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a DNS query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp.local" services are being advertised, we follow up with queries to those services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org.

    If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.
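The self-test above, as an added example that is not part of the Shadowserver page: it builds the same PTR query dig sends, parses a reply's ANSWER section, flags the two services named in the methodology, and reports the reply-to-query size ratio. The function names and the sample reply are constructed for illustration; real reply bytes would come from a capture of the dig test against a device you own.

```python
import struct

QNAME = "_services._dns-sd._udp.local"                     # query name from the methodology
FLAGGED = {"_workstation._tcp.local", "_http._tcp.local"}  # services the scan follows up on

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_query(txid=0):
    # 12-byte header with one question, then QNAME, QTYPE=PTR(12), QCLASS=IN(1)
    return struct.pack(">6H", txid, 0, 1, 0, 0, 0) + encode_name(QNAME) + struct.pack(">2H", 12, 1)

def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:                               # 2-byte compression pointer
            tail = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], depth + 1)[0]
            return ".".join(labels + [tail]), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_services(msg):
    """Return the PTR targets in the ANSWER section (what dig would list)."""
    qd, an = struct.unpack(">2H", msg[4:8])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4                   # skip QTYPE + QCLASS
    found = []
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 12:
            found.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return found

def assess(query, response):
    services = parse_services(response)
    return {"services": services, "flagged": sorted(FLAGGED & set(services)),
            "amplification": round(len(response) / len(query), 2)}

def sample_response():
    # Constructed reply (not captured traffic): two PTR answers, owner name is a pointer to offset 12
    rrs = b"".join(b"\xc0\x0c" + struct.pack(">HHIH", 12, 1, 10, len(r)) + r
                   for r in map(encode_name, ("_workstation._tcp.local", "_ssh._tcp.local")))
    return struct.pack(">6H", 0, 0x8400, 1, 2, 0, 0) + build_query()[12:] + rrs
```

A non-empty `services` list for a reply received from outside the local link means the responder is reachable in the way the project reports; `amplification` shows how much larger that reply is than the query that triggered it.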

    Whitelisting

    To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDRs that you would like to have removed. You will have to be the verifiable owner of these CIDRs and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html

    Scan Status

    The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.

    Statistics on current run

    763,855 distinct IPs responded to our mDNS query.

    Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.

    Top 20 Countries With mDNS Accessible

    | Country            | Total   |
    |--------------------|---------|
    | South Africa       | 260,299 |
    | United States      | 109,935 |
    | Korea, Republic of | 45,438  |
    | China              | 44,335  |
    | Hong Kong          | 31,917  |
    | France             | 27,609  |
    | Taiwan             | 21,223  |
    | Japan              | 21,099  |
    | Germany            | 18,376  |
    | Italy              | 14,397  |
    | Canada             | 14,352  |
    | Netherlands        | 12,987  |
    | United Kingdom     | 12,839  |
    | Brazil             | 10,355  |
    | Russian Federation | 9,874   |
    | Poland             | 7,196   |
    | Spain              | 7,043   |
    | Sweden             | 6,191   |
    | Belgium            | 5,567   |
    | India              | 4,509   |

    Top 20 ASNs With mDNS Accessible

    | ASN     | AS Name          | Country | Total   |
    |---------|------------------|---------|---------|
    | AS37353 | MacroLAN,        | ZA      | 258,984 |
    | AS4766  | KIXS-AS          | KR      | 18,417  |
    | AS9318  | SKB              | KR      | 14,450  |
    | AS7922  | COMCAST-7922     | US      | 12,489  |
    | AS9304  | HUTCHISON-AS     | HK      | 11,214  |
    | AS4134  | CHINANET         | CN      | 10,847  |
    | AS3462  | HINET            | TW      | 10,527  |
    | AS14061 | DIGITALOCEAN-ASN | US      | 9,824   |
    | AS16276 | OVH,             | FR      | 9,788   |
    | AS36351 | SOFTLAYER        | US      | 8,625   |
    | AS3215  | AS3215,          | FR      | 8,309   |
    | AS3269  | ASN              | IT      | 7,850   |
    | AS63949 | LINODE           | US      | 7,589   |
    | AS9269  | HKBN-AS          | HK      | 6,793   |
    | AS4760  | HKTIMS           | HK      | 5,854   |
    | AS1659  | ERX-TANET        | TW      | 5,532   |
    | AS4837  | CHINA169         | CN      | 5,075   |
    | AS7018  | ATT-INTERNET4    | US      | 4,811   |
    | AS18116 | HGC-AS           | HK      | 4,679   |
    | AS12322 | PROXAD,          | FR      | 4,212   |

    [Figures omitted: All mDNS Responses; Hosts with _workstation._tcp.local Exposed; Hosts with _http._tcp.local Exposed]

  • Original post: https://www.cnblogs.com/bonelee/p/7567310.html