reinitialized.net/infrastructure
2
0
Fork 0
Code Issues 37 Pull requests Projects Releases Packages Wiki Activity Actions

[HIGH] LLMNR enabled on hosts — vulnerable to MITM/credential harvesting #32

New issue
Open
opened 2026-05-05 17:51:43 -05:00 by pjennings · 0 comments
pjennings commented 2026-05-05 17:51:43 -05:00
Owner
Copy link

Description

Link-Local Multicast Name Resolution (LLMNR) is enabled on ai1/cortex (10.1.11.9), listening on port 5355/udp.

Finding Details

  • Host: ai1/cortex (10.1.11.9)
  • Port: 5355/udp
  • Service: systemd-resolved (LLMNR)
  • Discovered by: nmap network scan (2026-05-05)

Risk

LLMNR is a legacy name resolution protocol that can be exploited for:

  • MITM attacks — tools like Responder can poison LLMNR responses
  • Credential harvesting — NTLM relay attacks via LLMNR
  • Network reconnaissance — reveals host information

Recommendation

Disable LLMNR on all hosts — DNS and mDNS are sufficient for name resolution.

NixOS Configuration

services.resolved = {
  enable = true;
  llmnr = "false"; # Disable LLMNR
  # Keep mDNS if needed for local discovery
  mdns = "resolve"; 
};

Or via systemd-resolved config:

[Resolve]
LLMNR=no
MDNS=resolve

References

## Description Link-Local Multicast Name Resolution (LLMNR) is enabled on ai1/cortex (10.1.11.9), listening on port 5355/udp. ## Finding Details - **Host:** ai1/cortex (10.1.11.9) - **Port:** 5355/udp - **Service:** systemd-resolved (LLMNR) - **Discovered by:** nmap network scan (2026-05-05) ## Risk LLMNR is a legacy name resolution protocol that can be exploited for: - **MITM attacks** — tools like Responder can poison LLMNR responses - **Credential harvesting** — NTLM relay attacks via LLMNR - **Network reconnaissance** — reveals host information ## Recommendation Disable LLMNR on all hosts — DNS and mDNS are sufficient for name resolution. ### NixOS Configuration ```nix services.resolved = { enable = true; llmnr = "false"; # Disable LLMNR # Keep mDNS if needed for local discovery mdns = "resolve"; }; ``` Or via systemd-resolved config: ```ini [Resolve] LLMNR=no MDNS=resolve ``` ## References - [Microsoft LLMNR Deprecation](https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2022-r2/dd197552(v=ws.10)) - [Responder Tool](https://github.com/lgandx/Responder) - Related: docs/network-scan-2026-05-05.md (Finding F6)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
indev
No results found.
Labels
Clear labels   
area:documentation

Documentation, inventory, runbooks

  
area:infrastructure

Infrastructure services and hardware

  
area:network

Network, firewall, and connectivity

  
area:security

Security vulnerabilities and findings

  
priority:critical

Fix immediately — active risk

  
priority:high

Fix within 1-2 weeks

  
priority:low

Backlog — hardening and best practices

  
priority:medium

Fix within 1 month

  
status:blocked

Blocked on dependency or decision

  
type:bug

Misconfiguration or broken behavior

  
type:deployment

New service or system deployment

  
type:enhancement

Improvement or hardening

  
type:investigation

Needs research or identification

No labels
area:documentation
area:infrastructure
area:network
area:security
priority:critical
priority:high
priority:low
priority:medium
status:blocked
type:bug
type:deployment
type:enhancement
type:investigation
Milestone
Clear milestone
No items
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
reinitialized.net/infrastructure#32
No description provided.