SlideShare a Scribd company logo

Part 2 - Local Name Resolution in Windows Networks

Men and Mice
Men and Mice

Webinar Trilogy - Part 2, Local Name Resolution in Windows Networks

Technology
1 of 41
Men & Mice Webinar Trilogy Rethinking Name Resolution in Local Networks Local Name Resolution in Windows Networks
Local Name Resolution in Windows Networks • Microsoft operating systems have a long history of local name resolution solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today. • In this webinar we will take a look at PNRP and LLMNR and how these protocols can be used to have server-less name resolution without a centralised DNS infrastructure. 2
LLMNR Link Local Multicast Resolution
LLMNR 4 • LLMNR provides serverless name resolution on the local link ( = inside the same local subnet) • LLMNR has been documented as an informal RFC by the IETF in RFC 4795 (January 2007)
 https://www.ietf.org/rfc/rfc4795.txt
LLMNR • On the wire, LLMNR works very similar to DNS • But queries are not send to a DNS resolver, but instead to all hosts in the local subnet that have subscribed to the LMNR Multicast address • LLMNR operates on Port 5355 • IPv4 multicast address: 224.0.0.252 • IPv6 multicast address: ff02::1:3 5
LLMNR • LLMNR only operates on short, single label names • A host with the DNS name "windowspc.home.arpa." has the LLMNR name "windowspc" 6
LLMNR • LLMNR can be used on the command line …
 
 ping windowspc • … and as well as in graphical applications. Some applications like web-browser assume multi label hostnames (with at least one dot "." In the name). • A single label name is often seen as a search request. • To use LLMNR single label names in a Browser, enclose the name in a proper URL, like:
 
 http://windowspc/ 7
LLMNR • Every modern Windows System (Client, Server) will send LLMNR requests to the network • But only Systems with enabled "Network Discovery" will listen for LLMNR queries and answer • Network Discovery is disabled for Networks of type "public" and "work" and must be manually enabled to work in these environments 8
LLMNR • The state of LLMNR name resolution can be queried from NetShell (netsh)
 
 netsh dnsclient show state 9
LLMNR • Sending LLMNR requests can be disabled via a group policy
 Group Policy
 Computer Configuration
 Administrative Templates
 Network
 DNS Client
 Turn off Multicast Name Resolution. 
 
 (Enabled = Don’t use LLMNR, Disabled = Use LLMNR) 10
LLMNR • LLMNR requests can also be controlled locally using a registry key • Path: 
 HKLMSoftwarepoliciesMicrosoftWindows NTDNSClient • Key: EnableMulticast • Type: REG_DWORD • Values: 0 == Disabled / 1 == Enabled 11
LLMNR • LLMNR name resolution can be tested with the 
 "Resolve-DnsName" PowerShell commandlet and the 
 "-LlmnrOnly" parameter 12
Demo
LLMNR security • Like plain old DNS, LLMNR is not authenticated (no DNSSEC) • LLMNR responses can be spoofed by an attacker on the local network • Use of LLMNR is dangerous on public (Wifi, Hotel, Airport …) networks • Blog Post on a possible attack using LLMNR: "How to get Windows to give you credentials through LLMNR":
 https://www.pentestpartners.com/security-blog/how-to-get- windows-to-give-you-credentials-through-llmnr/ • Ready-to-use LLMNR spoofing tools exist, like "Inveigh"
 https://github.com/Kevin-Robertson/Inveigh 14
PNRP Peer Name Resolution Protocol
PNRP • PNRP is a Peer-to-Peer name resolution protocol designed by Microsoft • The PNRP specification is open[1], but so far, only Windows Systems since Windows Vista implement this protocol • PNRP requires IPv6 to work, but on an IPv4 only network, the Windows system will automatically create a Teredo IPv6-over-IPv4 tunnel to make PNRP work • PNRP can resolve IPv6 and IPv4 addresses 16 [1] https://msdn.microsoft.com/en-us/library/cc239047.aspx
PNRP cloud • PNRP is implemented as multiple distributed hash tables (DHT)[1] • Every PNRP node "knows" the addresses of it's "neighbours" in the PNRP cloud • By default, a local and a public (global) PNRP-Cloud exists 17 [1] https://en.wikipedia.org/wiki/Distributed_hash_table
PNRP addresses • PNRP addresses are calculated from a human friendly name (Classifier) and (optionally) a cryptographic key (Authority) • The cryptographic key can be zero ("0") for "no key", which makes the resulting PNRP-name human-friendly but insecure • When using a real cryptographic key, the PNRP client can verify that the resolved name is really the indented one (and not a spoofed address) 18
PNRP Adresses 19
PNRP-ID • The PNRP-ID is generated as a hash of the P2P-ID and the Service-Location. The Service-Location is a 128bit value that is derived from the hosts IPv6 address 20
PNRP Ports • PNRP uses UDP-Port 3450 for the PNRP communication with the outside world • For link-local communication, also Port 1900 for the Simple Service Discovery Protocol (SSDP) needs to be enable • In IPv4-only networks, Teredo needs to be permitted through firewalls as well • IPv6 via Teredo can be unstable, native IPv6 is preferred 21
Using PNRP • NetShell can be used to check the state of the PNRP clouds • In this example, PNRP is not active 22
Using PNRP • PNRP is now active on the Link-Local network, but there is no connection to the outside (IPv6) PNRP-cloud 23
Using PNRP • No connection to the outside world in an IPv4-only network often is a problem with the Teredo protocol: 24
Seeding PNRP • To be able to start PNRP name resolution, a Windows system needs some PNRP hosts (peers) to communicate • The initial list of peers is loaded from so called "seed" servers (pnrpv2.ipv6.microsoft.com and pnrpv21.ipv6.microsoft.com) • These names are resolved over classic DNS and are only reachable via IPv6 • Seeding can be forced with 
 netsh p2p pnrp cloud synchronize seed <Cloud> 25
Register a name in PNRP • PNRP does not auto-register names • PNRP names can be registered for publication using NetShell or the WindowsAPI • NetShell example (Authority of "0" = insecure name):
 
 netsh p2p pnrp peer add registration 0.mywebserver comment="Dev-Server" 26
Register a name in PNRP • The tool "PNRP- Beacon"[1] can be used to register a PNRP-name inside a GUI 27 [1] http://ftp.gwdg.de/pub/magazine/ct/listings/0904-098.zip
Registering PNRP names • PNRP names registered as shown via NetShell or PNRP- Beacon are not persistent • They are gone after a reboot of the system • Persistent PNRP names can be generated using the Windows Internet Computer Name service (WICN)[1], which can also be controlled via NetShell
 
 netsh p2p pnrp peer set machinename name="0.mypnrpname" publish=start autopublish=enable 28 [1] https://technet.microsoft.com/en-us/library/bb962088.aspx
Registering PNRP names • The status of the WICN service can be listed with 
 
 29
Register a name in PNRP • The NetShell command "show names" will list all registered named on this host 30
Resolving a PNRP-Name • PNRP names can be resolved via NetShell, the Windows API or through the Windows DNS-Client • The Windows DNS-Client will intercept all queries for domain names that end in the domain pnrp.net and will send the query to the PNRP subsystem • This works best with insecure names (Authority "0") • The PNRP name 0.mywebserver becomes the DNS-Name mywebserver.pnrp.net • Such a name is global resolvable, in if the host has IPv6, it is also reachable from the global Internet 31
Resolving a PNRP name • PNRP Names can also be resolved using NetShell with the command
 
 netsh p2p pnrp peer resolve <name> 32
Resolving a name in PNRP • PNRP-Beacon can also be used to resolve names and to display information about the remove machines (IPv4, IPv6 address, Windows Version, CPU Count) 33
PNRP Traceroute • NetShell offers a PNRP-Traceroute command to list the PNRP-Peers used in name resolution 34
Demo
PNRP Security • The Security of PNRP-Names without Authority (public key) is similar to classic DNS • These names are insecure and can be spoofed by anyone in the PNRP cloud. This is actually intended by the protocol, so that multiple hosts can announce the same service • PNRP-Names with public key are protected against spoofing, however spoofing PNRP names, while hard, is not impossible. When connecting to a sensible service via PNRP, additional authentication should be used 36
Next
Men & Mice Training • Men & Mice DNS Trainings in 2018: • DNS & BIND Fundamentals • DNS & BIND Advanced • DNS & BIND Week • DNSSEC & BIND • Planned dates for the courses in English language • US East Coast - 2018-02-26 • Europe - 2018-04-09 • US West Coast - 2018-05-21 • Europe - 2018-06-25 38 http://menandmice.com/training
Men & Mice Training • Training @ Linuxhotel Essen, Germany • DNSSEC & DANE Training, 3 days
 19.03 - 21.03.18 • DNS & BIND, 3 days 
 16.04 - 18.04.18 • DNS Sicherheit (DNS Security), 2 days
 19.04 - 20.04.18 • DNSSEC & DANE Training, 3 days
 04.06 - 06.06.18 • DNS & BIND, 3 days
 06.08 - 08.08.18 • DNS Sicherheit (DNS Security), 2 days
 09.08 - 10.08.18 39 http://linuxhotel.de/
Next Webinar • Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD and macOS/iOS • Wednesday, 29th of November, 2017 • Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now available on all systems from Cupertino. • The focus of this webinar will be to take a deeper look into this local name- resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogenous networks running both Windows and macOS. • Join us for a 45 minutes webinar with a Q&A session at the end, on Wednesday, November 29th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT. 40
Fini - Q & A

Recommended

Kafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, Uber
Kafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, UberKafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, Uber
Kafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, UberHostedbyConfluent
 
Dns ppt
Dns pptDns ppt
Dns pptBizuworkk Jemaneh
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Bruno Teixeira
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices Lior Rotkovitch
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityBangladesh Network Operators Group
 
IMS Registration Flow
IMS Registration FlowIMS Registration Flow
IMS Registration FlowKent Loh
 

Recommended

Kafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, Uber
Kafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, UberKafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, Uber
Kafka Tiered Storage | Satish Duggana and Sriharsha Chintalapani, UberHostedbyConfluent
 
Dns ppt
Dns pptDns ppt
Dns pptBizuworkk Jemaneh
 
BGP on mikrotik
BGP on mikrotikBGP on mikrotik
BGP on mikrotikAchmad Mardiansyah
 
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017
Cisco Live! :: Introduction to Segment Routing :: BRKRST-2124 | Las Vegas 2017Bruno Teixeira
 
Tutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerTutorial: Using GoBGP as an IXP connecting router
Tutorial: Using GoBGP as an IXP connecting routerShu Sugimoto
 
F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices F5 ASM v12 DDoS best practices
F5 ASM v12 DDoS best practices Lior Rotkovitch
 
Route Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP CommunityBangladesh Network Operators Group
 
IMS Registration Flow
IMS Registration FlowIMS Registration Flow
IMS Registration FlowKent Loh
 
How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchAll Things Open
 
RedisConf17 - Lyft - Geospatial at Scale - Daniel Hochman
RedisConf17 - Lyft - Geospatial at Scale - Daniel HochmanRedisConf17 - Lyft - Geospatial at Scale - Daniel Hochman
RedisConf17 - Lyft - Geospatial at Scale - Daniel HochmanRedis Labs
 
LDAP
LDAPLDAP
LDAPKhemnath Chauhan
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)Joud Khattab
 
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol)DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol)Faisal Jatt
 
Kicking ass with redis
Kicking ass with redisKicking ass with redis
Kicking ass with redisDvir Volk
 
Hadoop World 2011: Advanced HBase Schema Design - Lars George, Cloudera
Hadoop World 2011: Advanced HBase Schema Design - Lars George, ClouderaHadoop World 2011: Advanced HBase Schema Design - Lars George, Cloudera
Hadoop World 2011: Advanced HBase Schema Design - Lars George, ClouderaCloudera, Inc.
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelOpen vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelNetronome
 
Redpanda and ClickHouse
Redpanda and ClickHouseRedpanda and ClickHouse
Redpanda and ClickHouseAltinity Ltd
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance TuningRicardo Santos
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
BloodHound Unleashed.pdf
BloodHound Unleashed.pdfBloodHound Unleashed.pdf
BloodHound Unleashed.pdfn00py1
 
F5 Web Application Security
F5 Web Application SecurityF5 Web Application Security
F5 Web Application SecurityMarketingArrowECS_CZ
 
Nat
NatNat
NatHumaira Saleem
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory EnumerationDaniel López Jiménez
 
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleThe Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleColin Charles
 
Introduction to Sharding
Introduction to ShardingIntroduction to Sharding
Introduction to ShardingMongoDB
 
IPv6
IPv6IPv6
IPv6Talal Alsubaie
 
Apache ZooKeeper
Apache ZooKeeperApache ZooKeeper
Apache ZooKeeperScott Leberknight
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 
Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionMahmmoud Mahdi
 
08Mapping.ppt
08Mapping.ppt08Mapping.ppt
08Mapping.pptMalikNuman8
 

More Related Content

What's hot

How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchAll Things Open
 
RedisConf17 - Lyft - Geospatial at Scale - Daniel Hochman
RedisConf17 - Lyft - Geospatial at Scale - Daniel HochmanRedisConf17 - Lyft - Geospatial at Scale - Daniel Hochman
RedisConf17 - Lyft - Geospatial at Scale - Daniel HochmanRedis Labs
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)Joud Khattab
 
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol)DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol)Faisal Jatt
 
Kicking ass with redis
Kicking ass with redisKicking ass with redis
Kicking ass with redisDvir Volk
 
Hadoop World 2011: Advanced HBase Schema Design - Lars George, Cloudera
Hadoop World 2011: Advanced HBase Schema Design - Lars George, ClouderaHadoop World 2011: Advanced HBase Schema Design - Lars George, Cloudera
Hadoop World 2011: Advanced HBase Schema Design - Lars George, ClouderaCloudera, Inc.
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelOpen vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelNetronome
 
Redpanda and ClickHouse
Redpanda and ClickHouseRedpanda and ClickHouse
Redpanda and ClickHouseAltinity Ltd
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance TuningRicardo Santos
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service ProvidersBAKOTECH
 
BloodHound Unleashed.pdf
BloodHound Unleashed.pdfBloodHound Unleashed.pdf
BloodHound Unleashed.pdfn00py1
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory EnumerationDaniel López Jiménez
 
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleThe Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleColin Charles
 
Introduction to Sharding
Introduction to ShardingIntroduction to Sharding
Introduction to ShardingMongoDB
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDPDaniel T. Lee
 

What's hot (20)

How to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratchHow to build a Kubernetes networking solution from scratch
How to build a Kubernetes networking solution from scratch
 
RedisConf17 - Lyft - Geospatial at Scale - Daniel Hochman
RedisConf17 - Lyft - Geospatial at Scale - Daniel HochmanRedisConf17 - Lyft - Geospatial at Scale - Daniel Hochman
RedisConf17 - Lyft - Geospatial at Scale - Daniel Hochman
 
LDAP
LDAPLDAP
LDAP
 
Network Address Translation (NAT)
Network Address Translation (NAT)Network Address Translation (NAT)
Network Address Translation (NAT)
 
DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol)DHCP (Dynamic Host Configuration Protocol)
DHCP (Dynamic Host Configuration Protocol)
 
Kicking ass with redis
Kicking ass with redisKicking ass with redis
Kicking ass with redis
 
Hadoop World 2011: Advanced HBase Schema Design - Lars George, Cloudera
Hadoop World 2011: Advanced HBase Schema Design - Lars George, ClouderaHadoop World 2011: Advanced HBase Schema Design - Lars George, Cloudera
Hadoop World 2011: Advanced HBase Schema Design - Lars George, Cloudera
 
Open vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream KernelOpen vSwitch Offload: Conntrack and the Upstream Kernel
Open vSwitch Offload: Conntrack and the Upstream Kernel
 
Redpanda and ClickHouse
Redpanda and ClickHouseRedpanda and ClickHouse
Redpanda and ClickHouse
 
Zabbix Performance Tuning
Zabbix Performance TuningZabbix Performance Tuning
Zabbix Performance Tuning
 
F5 Solutions for Service Providers
F5 Solutions for Service ProvidersF5 Solutions for Service Providers
F5 Solutions for Service Providers
 
BloodHound Unleashed.pdf
BloodHound Unleashed.pdfBloodHound Unleashed.pdf
BloodHound Unleashed.pdf
 
F5 Web Application Security
F5 Web Application SecurityF5 Web Application Security
F5 Web Application Security
 
Nat
NatNat
Nat
 
Understanding Active Directory Enumeration
Understanding Active Directory EnumerationUnderstanding Active Directory Enumeration
Understanding Active Directory Enumeration
 
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScaleThe Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
The Proxy Wars - MySQL Router, ProxySQL, MariaDB MaxScale
 
Introduction to Sharding
Introduction to ShardingIntroduction to Sharding
Introduction to Sharding
 
IPv6
IPv6IPv6
IPv6
 
Apache ZooKeeper
Apache ZooKeeperApache ZooKeeper
Apache ZooKeeper
 
Faster packet processing in Linux: XDP
Faster packet processing in Linux: XDPFaster packet processing in Linux: XDP
Faster packet processing in Linux: XDP
 

Similar to Part 2 - Local Name Resolution in Windows Networks

Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionMahmmoud Mahdi
 
GeoDistributed datacenter: the DNS way
GeoDistributed datacenter: the DNS wayGeoDistributed datacenter: the DNS way
GeoDistributed datacenter: the DNS wayMoyd.co LTD
 
OpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto Zuin
OpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto ZuinOpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto Zuin
OpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto ZuinOpenNebula Project
 
NFS(Network File System)
NFS(Network File System)NFS(Network File System)
NFS(Network File System)udamale
 
What CloudStackers Need To Know About LINSTOR/DRBD
What CloudStackers Need To Know About LINSTOR/DRBDWhat CloudStackers Need To Know About LINSTOR/DRBD
What CloudStackers Need To Know About LINSTOR/DRBDShapeBlue
 
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISPMake Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISPAPNIC
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local NetworksMen and Mice
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSMen and Mice
 
06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dnsPalanivel Kuppusamy
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsAPNIC
 
4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian Grodzicki
4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian Grodzicki4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian Grodzicki
4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian GrodzickiPROIDEA
 
Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013Slawomir Skowron
 

Similar to Part 2 - Local Name Resolution in Windows Networks (20)

Lesson 5: Configuring Name Resolution
Lesson 5: Configuring Name ResolutionLesson 5: Configuring Name Resolution
Lesson 5: Configuring Name Resolution
 
08Mapping.ppt
08Mapping.ppt08Mapping.ppt
08Mapping.ppt
 
GeoDistributed datacenter: the DNS way
GeoDistributed datacenter: the DNS wayGeoDistributed datacenter: the DNS way
GeoDistributed datacenter: the DNS way
 
OpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto Zuin
OpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto ZuinOpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto Zuin
OpenNebulaConf 2014 - Geo distributed datacenter: the DNS way - Alberto Zuin
 
NFS(Network File System)
NFS(Network File System)NFS(Network File System)
NFS(Network File System)
 
What CloudStackers Need To Know About LINSTOR/DRBD
What CloudStackers Need To Know About LINSTOR/DRBDWhat CloudStackers Need To Know About LINSTOR/DRBD
What CloudStackers Need To Know About LINSTOR/DRBD
 
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISPMake Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
Make Internet Safer with DNS Firewall - Implementation Case Study at a Major ISP
 
Make the internet safe with DNS Firewall
Make the internet safe with DNS FirewallMake the internet safe with DNS Firewall
Make the internet safe with DNS Firewall
 
Namespaces for Local Networks
Namespaces for Local NetworksNamespaces for Local Networks
Namespaces for Local Networks
 
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOSPart 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
Part 3 - Local Name Resolution in Linux, FreeBSD and macOS/iOS
 
06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns06 coms 525 tcpip - dhcp and dns
06 coms 525 tcpip - dhcp and dns
 
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAILDNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
DNSSEC - WHAT IS IT ? INSTALL AND CONFIGURE IN CHROOT JAIL
 
Lets talk dns
Lets talk dnsLets talk dns
Lets talk dns
 
Signing DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutionsSigning DNSSEC answers on the fly at the edge: challenges and solutions
Signing DNSSEC answers on the fly at the edge: challenges and solutions
 
4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian Grodzicki
4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian Grodzicki4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian Grodzicki
4Developers 2015: Scaling LAMP doesn't have to suck - Sebastian Grodzicki
 
Dn sonly
Dn sonlyDn sonly
Dn sonly
 
Application Layer
Application LayerApplication Layer
Application Layer
 
2_Chapter 2_DNS.pptx
2_Chapter 2_DNS.pptx2_Chapter 2_DNS.pptx
2_Chapter 2_DNS.pptx
 
Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013Dnscluster @ DevOps Krakow 2013
Dnscluster @ DevOps Krakow 2013
 
Common Network Services
Common Network ServicesCommon Network Services
Common Network Services
 

More from Men and Mice

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesMen and Mice
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encryptedMen and Mice
 
The DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsThe DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsMen and Mice
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption securityMen and Mice
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANEMen and Mice
 
DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial Men and Mice
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practicesMen and Mice
 
DNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsDNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsMen and Mice
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNSMen and Mice
 
What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?Men and Mice
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootMen and Mice
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 WebinarMen and Mice
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCMen and Mice
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarMen and Mice
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitMen and Mice
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2Men and Mice
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review WebinarMen and Mice
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report WebinarMen and Mice
 

More from Men and Mice (20)

Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network StrategiesCisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
Cisco Live 2019: New Best Practices for Hybrid and Multicloud Network Strategies
 
How to send DNS over anything encrypted
How to send DNS over anything encryptedHow to send DNS over anything encrypted
How to send DNS over anything encrypted
 
The DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rollsThe DNSSEC KSK of the root rolls
The DNSSEC KSK of the root rolls
 
The CAA-Record for increased encryption security
The CAA-Record for increased encryption securityThe CAA-Record for increased encryption security
The CAA-Record for increased encryption security
 
SMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANESMTP STS (Strict Transport Security) vs. SMTP with DANE
SMTP STS (Strict Transport Security) vs. SMTP with DANE
 
DNSSEC signing Tutorial
DNSSEC signing Tutorial DNSSEC signing Tutorial
DNSSEC signing Tutorial
 
BIND 9 logging best practices
BIND 9 logging best practicesBIND 9 logging best practices
BIND 9 logging best practices
 
DNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing SolutionsDNS High-Availability Tools - Open-Source Load Balancing Solutions
DNS High-Availability Tools - Open-Source Load Balancing Solutions
 
Fighting Abuse with DNS
Fighting Abuse with DNSFighting Abuse with DNS
Fighting Abuse with DNS
 
What is new in BIND 9.11?
What is new in BIND 9.11?What is new in BIND 9.11?
What is new in BIND 9.11?
 
Yeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the rootYeti DNS - Experimenting at the root
Yeti DNS - Experimenting at the root
 
Windows Server 2016 Webinar
Windows Server 2016 WebinarWindows Server 2016 Webinar
Windows Server 2016 Webinar
 
Kea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISCKea DHCP – the new open source DHCP server from ISC
Kea DHCP – the new open source DHCP server from ISC
 
DNSTap Webinar
DNSTap WebinarDNSTap Webinar
DNSTap Webinar
 
RIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinarRIPE 71 and IETF 94 reports webinar
RIPE 71 and IETF 94 reports webinar
 
Keeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runitKeeping DNS server up-and-running with “runit
Keeping DNS server up-and-running with “runit
 
PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2PowerDNS Webinar - Part 2
PowerDNS Webinar - Part 2
 
PowerDNS Webinar
PowerDNS Webinar PowerDNS Webinar
PowerDNS Webinar
 
IETF 93 Review Webinar
IETF 93 Review WebinarIETF 93 Review Webinar
IETF 93 Review Webinar
 
RIPE 70 Report Webinar
RIPE 70 Report WebinarRIPE 70 Report Webinar
RIPE 70 Report Webinar
 

Recently uploaded

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Manik S Magar
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024Stephanie Beckett
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 

Recently uploaded (20)

The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!Anypoint Exchange: It’s Not Just a Repo!
Anypoint Exchange: It’s Not Just a Repo!
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024What's New in Teams Calling, Meetings and Devices March 2024
What's New in Teams Calling, Meetings and Devices March 2024
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 

Part 2 - Local Name Resolution in Windows Networks

  • 1. Men & Mice Webinar Trilogy Rethinking Name Resolution in Local Networks Local Name Resolution in Windows Networks
  • 2. Local Name Resolution in Windows Networks • Microsoft operating systems have a long history of local name resolution solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today. • In this webinar we will take a look at PNRP and LLMNR and how these protocols can be used to have server-less name resolution without a centralised DNS infrastructure. 2
  • 4. LLMNR 4 • LLMNR provides serverless name resolution on the local link ( = inside the same local subnet) • LLMNR has been documented as an informal RFC by the IETF in RFC 4795 (January 2007)
 https://www.ietf.org/rfc/rfc4795.txt
  • 5. LLMNR • On the wire, LLMNR works very similar to DNS • But queries are not send to a DNS resolver, but instead to all hosts in the local subnet that have subscribed to the LMNR Multicast address • LLMNR operates on Port 5355 • IPv4 multicast address: 224.0.0.252 • IPv6 multicast address: ff02::1:3 5
  • 6. LLMNR • LLMNR only operates on short, single label names • A host with the DNS name "windowspc.home.arpa." has the LLMNR name "windowspc" 6
  • 7. LLMNR • LLMNR can be used on the command line …
 
 ping windowspc • … and as well as in graphical applications. Some applications like web-browser assume multi label hostnames (with at least one dot "." In the name). • A single label name is often seen as a search request. • To use LLMNR single label names in a Browser, enclose the name in a proper URL, like:
 
 http://windowspc/ 7
  • 8. LLMNR • Every modern Windows System (Client, Server) will send LLMNR requests to the network • But only Systems with enabled "Network Discovery" will listen for LLMNR queries and answer • Network Discovery is disabled for Networks of type "public" and "work" and must be manually enabled to work in these environments 8
  • 9. LLMNR • The state of LLMNR name resolution can be queried from NetShell (netsh)
 
 netsh dnsclient show state 9
  • 10. LLMNR • Sending LLMNR requests can be disabled via a group policy
 Group Policy
 Computer Configuration
 Administrative Templates
 Network
 DNS Client
 Turn off Multicast Name Resolution. 
 
 (Enabled = Don’t use LLMNR, Disabled = Use LLMNR) 10
  • 11. LLMNR • LLMNR requests can also be controlled locally using a registry key • Path: 
 HKLMSoftwarepoliciesMicrosoftWindows NTDNSClient • Key: EnableMulticast • Type: REG_DWORD • Values: 0 == Disabled / 1 == Enabled 11
  • 12. LLMNR • LLMNR name resolution can be tested with the 
 "Resolve-DnsName" PowerShell commandlet and the 
 "-LlmnrOnly" parameter 12
  • 13. Demo
  • 14. LLMNR security • Like plain old DNS, LLMNR is not authenticated (no DNSSEC) • LLMNR responses can be spoofed by an attacker on the local network • Use of LLMNR is dangerous on public (Wifi, Hotel, Airport …) networks • Blog Post on a possible attack using LLMNR: "How to get Windows to give you credentials through LLMNR":
 https://www.pentestpartners.com/security-blog/how-to-get- windows-to-give-you-credentials-through-llmnr/ • Ready-to-use LLMNR spoofing tools exist, like "Inveigh"
 https://github.com/Kevin-Robertson/Inveigh 14
  • 16. PNRP • PNRP is a Peer-to-Peer name resolution protocol designed by Microsoft • The PNRP specification is open[1], but so far, only Windows Systems since Windows Vista implement this protocol • PNRP requires IPv6 to work, but on an IPv4 only network, the Windows system will automatically create a Teredo IPv6-over-IPv4 tunnel to make PNRP work • PNRP can resolve IPv6 and IPv4 addresses 16 [1] https://msdn.microsoft.com/en-us/library/cc239047.aspx
  • 17. PNRP cloud • PNRP is implemented as multiple distributed hash tables (DHT)[1] • Every PNRP node "knows" the addresses of it's "neighbours" in the PNRP cloud • By default, a local and a public (global) PNRP-Cloud exists 17 [1] https://en.wikipedia.org/wiki/Distributed_hash_table
  • 18. PNRP addresses • PNRP addresses are calculated from a human friendly name (Classifier) and (optionally) a cryptographic key (Authority) • The cryptographic key can be zero ("0") for "no key", which makes the resulting PNRP-name human-friendly but insecure • When using a real cryptographic key, the PNRP client can verify that the resolved name is really the indented one (and not a spoofed address) 18
  • 20. PNRP-ID • The PNRP-ID is generated as a hash of the P2P-ID and the Service-Location. The Service-Location is a 128bit value that is derived from the hosts IPv6 address 20
  • 21. PNRP Ports • PNRP uses UDP-Port 3450 for the PNRP communication with the outside world • For link-local communication, also Port 1900 for the Simple Service Discovery Protocol (SSDP) needs to be enable • In IPv4-only networks, Teredo needs to be permitted through firewalls as well • IPv6 via Teredo can be unstable, native IPv6 is preferred 21
  • 22. Using PNRP • NetShell can be used to check the state of the PNRP clouds • In this example, PNRP is not active 22
  • 23. Using PNRP • PNRP is now active on the Link-Local network, but there is no connection to the outside (IPv6) PNRP-cloud 23
  • 24. Using PNRP • No connection to the outside world in an IPv4-only network often is a problem with the Teredo protocol: 24
  • 25. Seeding PNRP • To be able to start PNRP name resolution, a Windows system needs some PNRP hosts (peers) to communicate • The initial list of peers is loaded from so called "seed" servers (pnrpv2.ipv6.microsoft.com and pnrpv21.ipv6.microsoft.com) • These names are resolved over classic DNS and are only reachable via IPv6 • Seeding can be forced with 
 netsh p2p pnrp cloud synchronize seed <Cloud> 25
  • 26. Register a name in PNRP • PNRP does not auto-register names • PNRP names can be registered for publication using NetShell or the WindowsAPI • NetShell example (Authority of "0" = insecure name):
 
 netsh p2p pnrp peer add registration 0.mywebserver comment="Dev-Server" 26
  • 27. Register a name in PNRP • The tool "PNRP- Beacon"[1] can be used to register a PNRP-name inside a GUI 27 [1] http://ftp.gwdg.de/pub/magazine/ct/listings/0904-098.zip
  • 28. Registering PNRP names • PNRP names registered as shown via NetShell or PNRP- Beacon are not persistent • They are gone after a reboot of the system • Persistent PNRP names can be generated using the Windows Internet Computer Name service (WICN)[1], which can also be controlled via NetShell
 
 netsh p2p pnrp peer set machinename name="0.mypnrpname" publish=start autopublish=enable 28 [1] https://technet.microsoft.com/en-us/library/bb962088.aspx
  • 29. Registering PNRP names • The status of the WICN service can be listed with 
 
 29
  • 30. Register a name in PNRP • The NetShell command "show names" will list all registered named on this host 30
  • 31. Resolving a PNRP-Name • PNRP names can be resolved via NetShell, the Windows API or through the Windows DNS-Client • The Windows DNS-Client will intercept all queries for domain names that end in the domain pnrp.net and will send the query to the PNRP subsystem • This works best with insecure names (Authority "0") • The PNRP name 0.mywebserver becomes the DNS-Name mywebserver.pnrp.net • Such a name is global resolvable, in if the host has IPv6, it is also reachable from the global Internet 31
  • 32. Resolving a PNRP name • PNRP Names can also be resolved using NetShell with the command
 
 netsh p2p pnrp peer resolve <name> 32
  • 33. Resolving a name in PNRP • PNRP-Beacon can also be used to resolve names and to display information about the remove machines (IPv4, IPv6 address, Windows Version, CPU Count) 33
  • 34. PNRP Traceroute • NetShell offers a PNRP-Traceroute command to list the PNRP-Peers used in name resolution 34
  • 35. Demo
  • 36. PNRP Security • The Security of PNRP-Names without Authority (public key) is similar to classic DNS • These names are insecure and can be spoofed by anyone in the PNRP cloud. This is actually intended by the protocol, so that multiple hosts can announce the same service • PNRP-Names with public key are protected against spoofing, however spoofing PNRP names, while hard, is not impossible. When connecting to a sensible service via PNRP, additional authentication should be used 36
  • 37. Next
  • 38. Men & Mice Training • Men & Mice DNS Trainings in 2018: • DNS & BIND Fundamentals • DNS & BIND Advanced • DNS & BIND Week • DNSSEC & BIND • Planned dates for the courses in English language • US East Coast - 2018-02-26 • Europe - 2018-04-09 • US West Coast - 2018-05-21 • Europe - 2018-06-25 38 http://menandmice.com/training
  • 39. Men & Mice Training • Training @ Linuxhotel Essen, Germany • DNSSEC & DANE Training, 3 days
 19.03 - 21.03.18 • DNS & BIND, 3 days 
 16.04 - 18.04.18 • DNS Sicherheit (DNS Security), 2 days
 19.04 - 20.04.18 • DNSSEC & DANE Training, 3 days
 04.06 - 06.06.18 • DNS & BIND, 3 days
 06.08 - 08.08.18 • DNS Sicherheit (DNS Security), 2 days
 09.08 - 10.08.18 39 http://linuxhotel.de/
  • 40. Next Webinar • Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD and macOS/iOS • Wednesday, 29th of November, 2017 • Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now available on all systems from Cupertino. • The focus of this webinar will be to take a deeper look into this local name- resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogenous networks running both Windows and macOS. • Join us for a 45 minutes webinar with a Q&A session at the end, on Wednesday, November 29th, 2017 at 4:00 PM CET/ 3:00 PM GMT/ 10:00 AM EDT / 7:00 AM PDT. 40
  • 41. Fini - Q & A