Thread: How do I chase down who is doing a multicast?
View Single Post
  #2  
Old April 7th 18, 12:42 AM posted to alt.windows7.general
VanguardLH[_2_]
external usenet poster
  
Posts: 10,881
Default How do I chase down who is doing a multicast?
T wrote:

5355

Based on that port number:

https://en.wikipedia.org/wiki/Link-L...ame_Resolution

which also has a hyperlink to:

https://technet.microsoft.com/library/bb878128

Seems that every host running the DNS client is going to use LLMNR. I
suspect if you disable LLMNR that sharing services could get impacted.

http://www.pciqsatalk.com/2016/03/di...r-netbios.html

Are you allowing rogue hosts to enter your intranet, like letting users
bring their own laptops into work to connect directly to the corporate
network instead of into a DMZ'ed subnet? LLMNR traffic is not routable
(because it is a local link protocol); that is, it cannot pass across
routers, so the problem is not with external hacking into your intranet.

https://tools.ietf.org/rfc/rfc4795.txt

So do you trust the hosts permitted to physically connect to the same
subnet within your intranet?
Ads