T wrote:
5355
Based on that port number:
https://en.wikipedia.org/wiki/Link-L...ame_Resolution
which also has a hyperlink to:
https://technet.microsoft.com/library/bb878128
Seems that every host running the DNS client is going to use LLMNR. I
suspect if you disable LLMNR that sharing services could get impacted.
http://www.pciqsatalk.com/2016/03/di...r-netbios.html
Are you allowing rogue hosts to enter your intranet, like letting users
bring their own laptops into work to connect directly to the corporate
network instead of into a DMZ'ed subnet? LLMNR traffic is not routable
(because it is a local link protocol); that is, it cannot pass across
routers, so the problem is not with external hacking into your intranet.
https://tools.ietf.org/rfc/rfc4795.txt
So do you trust the hosts permitted to physically connect to the same
subnet within your intranet?