After noticing this I started wireshark and took a look at my firewall log file. The line I see in the log files over and over is Deny 10.0.3.100 224.0.0.251 mdns/udp 5353 5353 1-Trusted Firebox udp flooding 123 255 (Internal Policy) proc_id="firewall" rc="101" The source ip changes (10.0.3.100) but the message stays the same.

2020年5月5日 · This is expected. (DNS uses port 53) Usually, Apple Bonjour and Linux avahi-daemon services use mDNS to discover network peripherals within the local network. The mDNS protocol is published as RFC 6762, uses IP multicast User Datagram Protocol (UDP) packets, and is implemented by the Apple Bonjour and open source Avahi software packages.

2011年2月11日 · When analyzing the traffic using WireShark, I am seeing that numerous devices are broadcasting and responding using UDP port 5353 to a multicast IP address of 224.0.0.251.

2013年12月3日 · It had been recommended for PCI compliance that I filter incoming traffic to UDP port 5353 please can someone advise what are the steps to do this? I am currently using Centos 5.7 64 bit.

How do I set filter to see only traffic on UDP 5353?

2022年12月28日 · Hi, thanks for your answer! I closed some of the inbound ports in Windows Firewall, while using your answer as a general guide, and so far, it doesn't seem to have impacted the website from my testing. Also, do you know of a good basic guide on the internet to securing a Windows VPS for website use? Just wondering what other steps I need to take to help ensure my VPS is "secure." Thank you.

UDP is easy to spoof source address on, packets could be coming from anywhere. Someone could be forging a packet to your broadcast address. Filter port 5353 incoming and outgoing, multicast DNS should be local. Filter the broadcast address on your firewall.

Good answer. But the ports are confusing. Port 5353 seems like an official, standard mdns port. But what is port 53791? Or on my system, the other port avahi-daemon is connected to is 48268, so it seems randomized and thus yet more confusing.

2019年8月14日 · I have a fresh installation of Ubuntu 18.04 on Google Compute Engine. I have compiled the latest version of Dnsmasq (2.80) with the following configuration: no-resolv server=8.8.8.8 conf-file=/usr...

2020年12月20日 · WORKS disabled firewalld. FAIL running powerDNS service with port 0.0.0.0:5300 or 127.0.0.0:5300 or [localip]:5300. FAIL running PowerDNS on any port other than 53 such as 25, 1000, 1024, 54. FAIL There is some security setting in CentOS 8 Desktop that is restricting services from binding to UDP ports.