Why did *this* tweet get so many likes? Useless trivia: I discovered LLMNR because I added a feature to the tailscale client to help find running services to share, and I found out I had a service running unexpectedly. Mmm, unprotected LAN packets processed by C programs.
-
-
Prikaži ovu nitHvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
It is a must-know for internal pentests. For someone who tries to pwn systems it is truly a gift :)
-
Tell me more. How does that leverage into pwning an internal system?
- Još 4 druga odgovora
Novi razgovor -
-
-
I've never heard of LLMNR, but NBNS is also really good at security bugs:https://twitter.com/zerosum0x0/status/958890437837692928?lang=en …
-
Pretty sure the NBNS lookups are mostly Windows only (which doesn't especially make it better, of course, but it's more of an OS vulnerability than a Chrome one. Uh, yeah.) You can make it happen on Linux too using libnss-winbind, I think.
- Još 2 druga odgovora
Novi razgovor -
-
-
Back when client taxonomy was a thing I cared about, I remember looking into LLMNR and wondering what it was really for. It did hostname resolution but not service discovery, which seemed... odd for a local multicast protocol. I got some packet captures but stopped there.
-
I always want to do things like "ping myserver" and have it work, which I guess it does if you use LLMNR everywhere, which nobody does. So we have that I guess.
Kraj razgovora
Novi razgovor -
-
-
default in windows until Windows 10 1903
Hvala. Twitter će to iskoristiti za poboljšanje vaše vremenske crte. PoništiPoništi
-
-
-
systemd-resolved implements both and only does LLMNR resolution on single-label names, which means that it isn't vulnerable to the security problem described in the article at least.
-
Though annoyingly mDNS is disabled by default on links managed by networkd, which I guess might be for compatibility with systems running Avahi?
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.