Kitz Forum

Broadband Related => Broadband Hardware => Topic started by: Weaver on September 22, 2019, 11:06:58 AM

Title: Idea for feature request for Firebrick and other routers
Post by: Weaver on September 22, 2019, 11:06:58 AM
Firebrick feature request idea. Might propose this if it makes sense. Let me know what you think

Say that you have a number of Windows boxes and Macs, plus various other O/Ss. The MS Windows boxen publish DNS by LLMNR (https://en.wikipedia.org/wiki/Link-Local_Multicast_Name_Resolution) and the Mac OSX boxes publish via mDNS (https://en.wikipedia.org/wiki/Multicast_DNS) / Bonjour (https://en.wikipedia.org/wiki/Bonjour_(software)). I believe these are vaguely similar but not the same; annoyingly, they couldn’t agree, and I wish they would upgrade both to bring them towards convergence so that they would become interoperable. Avahi (https://en.wikipedia.org/wiki/Avahi_(software)) Bonjour/mDNS is, I believe, available for Linux, but it’s an add-in and, if I understand it, it is available as a component for use by certain apps, but I don’t know about it being integrated into the main O/S core DNS - completely ignorant here, so please accept my apologies.

Proposal: It seems to me that if a router such as my Firebrick were to implement both mDNS and LLMNR client functions, then it could discover the addresses of any machines on the LAN that speak these protocols; it could then re-publish discovered addresses to all Firebrick clients, including clients who may not have those protocols, such as my iPad (possibly?). This might greatly enhance the capabilities of some clients and improve interoperability? As a central point accessed by DNS users, the Firebrick could be a bridge between incompatible protocols/lack of protocols.

I think mDNS code (in C presumably) is available for free on GitHub in the case of Avahi. An LLMNR implementation, however, might be a lot of work unless someone else has already done this job.

What do you think? I am not having to do the work, though.

Title: Re: Idea for feature request for Firebrick and other routers
Post by: dee.jay on September 23, 2019, 05:04:25 PM
As someone who used to run Active Directory networks - LLMNR is something that should be turned off on Windows clients, in all honesty. It is a huge security risk in a corporate network, because it enables a nefarious person to simply listen on the network for LLMNR responses, as it includes the hash of the user's credentials in a response message.

Title: Re: Idea for feature request for Firebrick and other routers
Post by: Weaver on September 24, 2019, 10:08:08 PM
I didn’t know about the security problems with it.

Title: Re: Idea for feature request for Firebrick and other routers
Post by: dee.jay on September 25, 2019, 08:29:08 AM
Yes, I've worked in companies where we've had pentests conducted - LLMNR (coupled with one or two other poorly secured things in Windows networks) basically allows anyone to sit and listen to the LLMNR responses. Those hashes I mention can be replayed through John the Ripper (password recovery tool) or some such.

Took all of 15 minutes for the tester to find someone with a domain administrator account and a weak password . . .
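For anyone wanting to act on dee.jay's advice above, here is an added example (not from this thread and not Firebrick's or Microsoft's code) that audits and turns off LLMNR on a Windows client. It uses the registry value behind the "Turn off multicast name resolution" Group Policy setting, plus a heuristic check for a listener on UDP 5355, the port LLMNR uses; the function names are my own.

```powershell
# Added example: audit and disable LLMNR on a Windows client.
# Run in an elevated PowerShell session; a reboot applies the policy change.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$ValueName = 'EnableMulticast'   # 0 = LLMNR disabled; 1 or absent = enabled

function Get-LlmnrState {
    # Report 'Disabled' only when the policy value exists and is 0.
    $item = Get-ItemProperty -Path $PolicyKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $item -and $item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Test-LlmnrListener {
    # Heuristic (assumption): an LLMNR-capable host binds UDP 5355, so a
    # listener there suggests the DNS client is still answering LLMNR queries.
    $ep = Get-NetUDPEndpoint -LocalPort 5355 -ErrorAction SilentlyContinue
    return [bool]$ep
}

function Disable-Llmnr {
    # Create the policy key if absent and force EnableMulticast to 0.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $ValueName -PropertyType DWord -Value 0 -Force | Out-Null
}

"LLMNR policy state : $(Get-LlmnrState)"
"UDP 5355 listener  : $(Test-LlmnrListener)"
if ((Get-LlmnrState) -eq 'Enabled') {
    Disable-Llmnr
    "Policy set to disabled; reboot and re-run this script to confirm the listener is gone."
}
```

In a domain, the same value is normally pushed by Group Policy (Computer Configuration > Administrative Templates > Network > DNS Client), which is the preferable way to cover every client at once.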