可以通过shadowserver来查看开放的mdns(用以反射放大攻击)——中国的在 https://mdns.shadowserver.org/workstation/index.html
Open mDNS Scanning Project
来自:https://mdns.shadowserver.org/
If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).
The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.
These devices have the potential to be used in UDP amplification attacks in addition to disclosing large amounts of information about the system and we would like to see these services made un-available to miscreants that would misuse these resources.
Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.
Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.
Methodology
We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a dns query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp_local" services are being advertised, we follow up with queries to services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org
If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.
Whitelisting
To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDR's that you would like to have removed. You will have to be the verifiable owner of these CIDR's and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html
Useful Links
- Blog Summary: http://blog.shadowserver.org/2014/03/28/the-scannings-will-continue-until-the-internet-improves/
- Get reports on your network: https://www.shadowserver.org/wiki/pmwiki.php/Involve/GetReportsOnYourNetwork
- Current Whitelist: https://mdns.shadowserver.org/exclude.html
Scan Status
The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.
Statistics on current run
763,855 distinct IPs responded to our mDNS query.
Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.
Top 20 Countries With mDNS Accessible
Country | Total |
---|---|
South Africa | 260,299 |
United States | 109,935 |
Korea, Republic of | 45,438 |
China | 44,335 |
Hong Kong | 31,917 |
France | 27,609 |
Taiwan | 21,223 |
Japan | 21,099 |
Germany | 18,376 |
Italy | 14,397 |
Canada | 14,352 |
Netherlands | 12,987 |
United Kingdom | 12,839 |
Brazil | 10,355 |
Russian Federation | 9,874 |
Poland | 7,196 |
Spain | 7,043 |
Sweden | 6,191 |
Belgium | 5,567 |
India | 4,509 |
Top 20 ASNs With mDNS Accessible
ASN | AS Name | Country | Total |
---|---|---|---|
AS37353 | MacroLAN, | ZA | 258,984 |
AS4766 | KIXS-AS | KR | 18,417 |
AS9318 | SKB | KR | 14,450 |
AS7922 | COMCAST-7922 | US | 12,489 |
AS9304 | HUTCHISON-AS | HK | 11,214 |
AS4134 | CHINANET | CN | 10,847 |
AS3462 | HINET | TW | 10,527 |
AS14061 | DIGITALOCEAN-ASN | US | 9,824 |
AS16276 | OVH, | FR | 9,788 |
AS36351 | SOFTLAYER | US | 8,625 |
AS3215 | AS3215, | FR | 8,309 |
AS3269 | ASN | IT | 7,850 |
AS63949 | LINODE | US | 7,589 |
AS9269 | HKBN-AS | HK | 6,793 |
AS4760 | HKTIMS | HK | 5,854 |
AS1659 | ERX-TANET | TW | 5,532 |
AS4837 | CHINA169 | CN | 5,075 |
AS7018 | ATT-INTERNET4 | US | 4,811 |
AS18116 | HGC-AS | HK | 4,679 |
AS12322 | PROXAD, | FR | 4,212 |
Hosts with _workstation._tcp.local Exposed
![Workstation Service exposed](https://mdns.shadowserver.org/workstation/mdns_workstation_world_current-mini.jpg)
(Click image to enlarge)
If you would like to see more regions click here
Hosts with _http._tcp.local Exposed
![HTTP Service exposed](https://mdns.shadowserver.org/http/mdns_http_world_current-mini.jpg)
(Click image to enlarge)
If you would like to see more regions click here
相关文章
- 中国人的GWAS填充参考之南医大和女娲参考
- CIIS 2022丨共智兴业、汇力强城,第十一届中国智能产业高峰论坛在厦门开幕
- 国产AMR的必修课:在中国市场重新定义「机器人」
- WAIC 2021 | 中国惠普周信宏:AI基础设施——边缘计算演进及趋势
- 2023 年泰晤士世界大学计算机学科排名:清华全球第十三 、中国第一,牛津连续 5 年蝉联榜首
- 中国Linux系统锐捷上线中国市场(linux锐捷)
- 得来不易,WHO宣布中国消除疟疾
- 苹果中国开始返校季大促:买iPad、Mac免费送AirPods
- 中国再次发现来自海外的黑客攻击:蔓灵花攻击行动
- 微软中国CTO韦青:数字化转型的道与术
- 到2025年中国的STEM博士毕业生人数将是美国的两倍 就问你“慌”不?
- 回顾2018朗迪美国峰会,哪些中国公司在“刷脸”?
- [免费] 注册亚马逊云中国账号申领1000元无门槛代金券可用于服务器等