Re: 224.0.0.251
On 24/05/14 04:11, ToddAndMargo wrote: Seems I have already look at 5353 once before. From one of my penetration reports: Port 5353/udp (zeroconf) is registered to the Link Local Multicast Name Resolution (LLMNR) service. It is part of how Windows computers identify themselves to each other on a local area network and is part of the normal operation of the Windows XP Operating System. Further information can be found at: https://en.wikipedia.org/wiki/LLMNR mDNS can be used to much more as well when combing it with DNS-SD [1], like telling other hosts what kind of services each boxes provides. mDNS coupled with DNS-SD is quite a beast, avahi-daemon provides the same functionality on Linux boxes as well. [1] http://en.wikipedia.org/wiki/Zero_configuration_networking#Service_discovery But it's also possible to provide DNS-SD using a normal DNS server as well, which can be suitable to announce services on servers you don't want to have avahi-daemon running. It can surely be quite handy, but if you're concerned about security [2] it surely has it challenges there too. I generally block port 5353 (tcp and udp) on all my boxes when they're not on a network I fully trust. And I also carefully configure avahi-daemon (/etc/avahi/avahi-daemon.conf) too, if I want avahi-daemon running. [2] http://en.wikipedia.org/wiki/Zero_configuration_networking#Security_issues -- kind regards, David Sommerseth
Re: 224.0.0.251
On 2014/05/23 14:25, ToddAndMargo wrote:
On 05/23/2014 02:08 PM, Alan Bartlett wrote:
On 23 May 2014 22:02, ToddAndMargo toddandma...@zoho.com wrote:
Hi All,
Is there some special meaning (like 127.0.0.1.) to
the following IP address?
224.0.0.251
Many thanks,
-T
It is an IP Multicast address.
host 224.0.0.251
will tell you a bit more.
Alan.
Hi Alan,
$ host 224.0.0.251
Host 251.0.0.224.in-addr.arpa. not found: 3(NXDOMAIN)
Not sure what I am suppose to find.
This is why I ask (VLC's doing):
kernel: Vlan-out Everything Else IN= OUT=eth0.5 SRC=192.168.254.10
DST=224.0.0.251 LEN=56 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353
DPT=5353 LEN=36
eth0.5 is a virtual Ethernet too, not hooked to the Internet.
And port 3535 UDP?
$ grep -i 3535 /etc/services
ms-la 3535/tcp# MS-LA
ms-la 3535/udp# MS-LA
Thank you for the help,
-T
Lysdexic are we? It's 5353 which seems to be an alternate DNS address.
{^_^} Joanne me too be lysdexic
Re: 224.0.0.251
On 2014/05/23 18:38, ToddAndMargo wrote:
On 05/23/2014 06:17 PM, jdow wrote:
On 2014/05/23 14:25, ToddAndMargo wrote:
On 05/23/2014 02:08 PM, Alan Bartlett wrote:
On 23 May 2014 22:02, ToddAndMargo toddandma...@zoho.com wrote:
Hi All,
Is there some special meaning (like 127.0.0.1.) to
the following IP address?
224.0.0.251
Many thanks,
-T
It is an IP Multicast address.
host 224.0.0.251
will tell you a bit more.
Alan.
Hi Alan,
$ host 224.0.0.251
Host 251.0.0.224.in-addr.arpa. not found: 3(NXDOMAIN)
Not sure what I am suppose to find.
This is why I ask (VLC's doing):
kernel: Vlan-out Everything Else IN= OUT=eth0.5 SRC=192.168.254.10
DST=224.0.0.251 LEN=56 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP
SPT=5353
DPT=5353 LEN=36
eth0.5 is a virtual Ethernet too, not hooked to the Internet.
And port 3535 UDP?
$ grep -i 3535 /etc/services
ms-la 3535/tcp# MS-LA
ms-la 3535/udp# MS-LA
Thank you for the help,
-T
Lysdexic are we? It's 5353 which seems to be an alternate DNS address.
{^_^} Joanne me too be lysdexic
Hi Joanne,
$ grep -i 5353 /etc/services
mdns5353/tcp# Multicast DNS
mdns5353/udp# Multicast DNS
Makes more sense.
Interesting. M$'s list of official ports does not
list it:
http://support.microsoft.com/kb/832017#method67
I have been working on a PCI (credit card security) probe
of a customer's site all day. I keep mixing up my ports
with their's. (When you probe the entire network, you get your own
IP as well as their's and everyone else on the network.) AA
Apparently lysdexic is catching. Now the point I really
wanted to make was, was, was... Oh phooey, I forgot. :')
Who are you again? Are you still in the Navy? :-D
-T
Naw, even the Swiss navy would not accept me. But I have done some Swiss
Navy projects in my time. (Local slang for personal. If the now have a
navy I'll have to use something like Nigerian Navy.)
{O,o] Back into my hole in the wall. Joanne Glad I helped you make sense.
Re: 224.0.0.251
On 05/23/2014 06:17 PM, jdow wrote:
On 2014/05/23 14:25, ToddAndMargo wrote:
On 05/23/2014 02:08 PM, Alan Bartlett wrote:
On 23 May 2014 22:02, ToddAndMargo toddandma...@zoho.com wrote:
Hi All,
Is there some special meaning (like 127.0.0.1.) to
the following IP address?
224.0.0.251
Many thanks,
-T
It is an IP Multicast address.
host 224.0.0.251
will tell you a bit more.
Alan.
Hi Alan,
$ host 224.0.0.251
Host 251.0.0.224.in-addr.arpa. not found: 3(NXDOMAIN)
Not sure what I am suppose to find.
This is why I ask (VLC's doing):
kernel: Vlan-out Everything Else IN= OUT=eth0.5 SRC=192.168.254.10
DST=224.0.0.251 LEN=56 TOS=0x00 PREC=0x00 TTL=255 ID=0 DF PROTO=UDP
SPT=5353
DPT=5353 LEN=36
eth0.5 is a virtual Ethernet too, not hooked to the Internet.
And port 3535 UDP?
$ grep -i 3535 /etc/services
ms-la 3535/tcp# MS-LA
ms-la 3535/udp# MS-LA
Thank you for the help,
-T
Lysdexic are we? It's 5353 which seems to be an alternate DNS address.
{^_^} Joanne me too be lysdexic
Seems I have already look at 5353 once before. From
one of my penetration reports:
Port 5353/udp (zeroconf) is registered to the Link
Local Multicast Name Resolution (LLMNR) service.
It is part of how Windows computers identify themselves
to each other on a local area network and is part of
the normal operation of the Windows XP Operating System.
Further information can be found at:
https://en.wikipedia.org/wiki/LLMNR
--
~~
Computers are like air conditioners.
They malfunction when you open windows
~~
