
#1 2024-03-27 11:27:32

gcb
Member
Registered: 2014-02-12
Posts: 213

[SOLVED] Disabling LLMNR/mDNS (port 5353)

I've added files on /etc/systemd/resolved.conf.d/x.conf

which have

[Resolve]
LLMNR=no

among other things. But I still get garbage LLMNR (it's practically Microsoft NetBIOS v2) running on port 5353.

At first I assumed that file was not being picked up, so I edited /etc/systemd/resolved.conf directly.

After `systemctl daemon-reload` and `systemctl restart systemd-resolved.service` I still have port 5353 open.

$ sudo ss -l -p '( sport = :5353 )'
Place your right index finger on the fingerprint reader
Netid         State          Recv-Q         Send-Q                   Local Address:Port                   Peer Address:Port         Process
udp           UNCONN         0              0                              0.0.0.0:mdns                        0.0.0.0:*             users:(("systemd-resolve",pid=4498,fd=11))
udp           UNCONN         0              0                                 [::]:mdns                           [::]:*             users:(("systemd-resolve",pid=4498,fd=12))

Last edited by gcb (2024-04-02 00:30:51)


#2 2024-03-27 19:24:28

Brocellous
Member
Registered: 2017-11-27
Posts: 161

Re: [SOLVED] Disabling LLMNR/mDNS (port 5353)

port 5353 is MDNS, not LLMNR.


#3 2024-03-28 11:46:18

Lone_Wolf
Administrator
From: Netherlands, Europe
Registered: 2005-10-04
Posts: 15,089

Re: [SOLVED] Disabling LLMNR/mDNS (port 5353)

https://wiki.archlinux.org/title/Systemd-resolved#LLMNR wrote:

If you plan to use LLMNR and use a firewall, make sure to open UDP and TCP ports 5355.

Check port 5355.


Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.

clean chroot building not flexible enough ?
Try clean chroot manager by graysky


#4 2024-04-02 00:14:53

gcb
Member
Registered: 2014-02-12
Posts: 213

Re: [SOLVED] Disabling LLMNR/mDNS (port 5353)

Brocellous wrote:

port 5353 is MDNS, not LLMNR.

potato. potahtoh :)

It's all mostly the same for me. They are mostly useless outside of a Windows environment. Microsoft is moving from LLMNR to mDNS and probably keeping the port number? I don't know.

What is crazy is systemd folks assuming everyone using Linux wants that open to the world on all their machines. Their Microsoft allegiance signaling is getting out of hand. Especially since even Microsoft abandoned it: https://techcommunity.microsoft.com/t5/ … -p/3290816

LLMNR are rarely used today. This means that having them enabled needlessly expands the attack surface of devices and increases the load on the networks they use

Lone_Wolf wrote:
https://wiki.archlinux.org/title/Systemd-resolved#LLMNR wrote:

If you plan to use LLMNR and use a firewall, make sure to open UDP and TCP ports 5355.

Check port 5355.


Wild. I'm seeing port 5353, as you can see from the command in my 1st post. Maybe that's the new port if Microsoft keeps 5353 for mDNS?

But I'm trying to get rid of it all. Not expose even more.

Last edited by gcb (2024-04-02 00:20:24)


#5 2024-04-02 00:30:23

gcb
Member
Registered: 2014-02-12
Posts: 213

Re: [SOLVED] Disabling LLMNR/mDNS (port 5353)

Brocellous wrote:

port 5353 is MDNS, not LLMNR.

Thanks, I see what you mean now.

I have to disable both!

Adding `MulticastDNS=no` to that config file solved it.
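
An added example, not part of the thread and not systemd's own tooling: a small shell check for the outcome above, reading the effective `LLMNR` and `MulticastDNS` values from resolved configuration text and listing any sockets `systemd-resolve` still holds on 5353 or 5355. The config samples are constructed, the socket rows are the ones from post #1, and the function names are made up for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check resolved config text and `ss`
# output for LLMNR (port 5355) and mDNS (port 5353).

# Effective value of a [Resolve] key. Config text on stdin, main file first and
# drop-ins after it, so the last assignment wins.
resolve_setting() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }                                    # comment line
        /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[Resolve\]/); next }
        in_sec && index($0, "=") {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]*/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]*$/, "", v)
            if (k == key) val = v
        }
        END { print (val == "" ? "unset" : val) }'
}

# Sockets that systemd-resolved still holds on either multicast resolver port.
# Reads `ss -l -p` output on stdin; column 5 is "Local Address:Port".
multicast_listeners() {
    awk '/systemd-resolve/ {
        n = split($5, part, ":"); port = part[n]
        if (port == "mdns"  || port == "5353") print "mDNS "  $5
        if (port == "llmnr" || port == "5355") print "LLMNR " $5
    }'
}

# Constructed config samples: before and after the fix from post #5.
SAMPLE_BEFORE='[Resolve]
LLMNR=no'
SAMPLE_AFTER="$SAMPLE_BEFORE
MulticastDNS=no"
# The two socket rows from post #1, whitespace collapsed.
SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:mdns 0.0.0.0:* users:(("systemd-resolve",pid=4498,fd=11))
udp UNCONN 0 0 [::]:mdns [::]:* users:(("systemd-resolve",pid=4498,fd=12))'

for key in LLMNR MulticastDNS; do
    printf 'before: %s=%s\n' "$key" "$(printf '%s\n' "$SAMPLE_BEFORE" | resolve_setting "$key")"
    printf 'after:  %s=%s\n' "$key" "$(printf '%s\n' "$SAMPLE_AFTER"  | resolve_setting "$key")"
done
printf '%s\n' "$SAMPLE_SS" | multicast_listeners

# On a live system (needs systemd):
#   systemd-analyze cat-config systemd/resolved.conf | resolve_setting MulticastDNS
#   sudo ss -l -p | multicast_listeners
```

A result of `unset` means no file assigns the key, so the distribution's compiled-in default applies.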