
Re: Orbi pro sxr80 sxs80 mDNS hazard source. Benefit or risk

Orbipro1
Aspirant

Orbi pro sxr80 sxs80 mDNS hazard source. Benefit or risk

Is orbipro mDNS open or closed?

 

Will AirPlay benefit from mDNS on or off? Using on small home network.


This article stated:

hazard source. In many cases, the mDNS is open. This means that it also reacts to external queries (via the Internet). Cyber criminals can find these types of open services and use them for DDoS attacks. The network’s devices are then misused in order to bombard a target server with queries. Furthermore, sensitive data can be discovered via an open multicast DNS. Attackers can, in this way, read the MAC addresses of connected devices, for example, and use this information for further attacks.

Message 1 of 2

Accepted Solutions
schumaku
Guru

Re: Orbi pro sxr80 sxs80 mDNS hazard source. Benefit or risk

AirPlay does require mDNS on your local network. Apple does name it Bonjour. Without mDNS, your AirPlay is 100% inop. Your mobile or Mac won't be able to find the speaker, the display, the TV, your printer, even the Apple TV...

 

What Netgear has implemented is the ability to locate services on other VLAN/subnet, so on all your networks - for example to print, to use a display, a speaker, ...

 

Now, if you don't need any of this beyond your single VLAN and subnet, you don't have to enable the capability.

 

Of course, any reasonable consumer or small business router does block incoming port 5353/udp connections - on IPv4 which is NATed anyway, and on IPv6 (much more risk of having services exposed).


Message 2 of 2
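A check for the exposure discussed in this thread, as an added example that is not part of the original posts: it labels 5353/udp flow records, as seen on the LAN side of a router, by whether the source is on the local link. The record format, the `classify` and `exposed` helpers, and all subnets and addresses (documentation ranges) are constructed for illustration.

```python
import ipaddress

MDNS_PORT = 5353
MDNS_GROUPS = {ipaddress.ip_address("224.0.0.251"),
               ipaddress.ip_address("ff02::fb")}

def classify(src, dst, proto, dport, local_nets):
    """Label one flow record. local_nets: the subnets you treat as on-link."""
    if proto != "udp" or dport != MDNS_PORT:
        return "not-mdns"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Link-local sources (169.254/16, fe80::/10) are not forwarded by routers,
    # so they are counted as on-link alongside the configured subnets.
    on_link = s.is_link_local or any(s in net for net in local_nets)
    if not on_link:
        return "off-link"          # outside source reached 5353/udp: exposure
    if d in MDNS_GROUPS:
        return "local-multicast"   # normal Bonjour/AirPlay discovery
    return "local-unicast"         # on-link unicast mDNS, legitimate

def exposed(records, local_nets):
    """Return the records where 5353/udp was reached from off the local link."""
    return [r for r in records if classify(*r, local_nets) == "off-link"]

# Constructed sample data: (src, dst, proto, dport).
LOCAL_NETS = [ipaddress.ip_network("192.168.1.0/24"),
              ipaddress.ip_network("2001:db8:1::/64")]
SAMPLE = [
    ("192.168.1.20", "224.0.0.251", "udp", 5353),         # phone looking for AirPlay
    ("fe80::1c2d", "ff02::fb", "udp", 5353),              # same discovery over IPv6
    ("192.168.1.20", "192.168.1.50", "udp", 5353),        # on-link unicast query
    ("203.0.113.7", "192.168.1.50", "udp", 5353),         # IPv4 source from outside
    ("2001:db8:ffff::9", "2001:db8:1::50", "udp", 5353),  # IPv6 source from outside
    ("203.0.113.7", "192.168.1.50", "udp", 53),           # ordinary DNS, not mDNS
]

if __name__ == "__main__":
    for rec in SAMPLE:
        print(f"{classify(*rec, LOCAL_NETS):16} {rec}")
```

Any `off-link` result means 5353/udp traffic crossed the router from outside, which is the case the reply says the firewall should be blocking on both IPv4 and IPv6.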
