HP JetAdvantage Security Manager 10 Device E-LTU User Manual, Page 71

typically associated with a specific switch port, multicast packets can flood the switch’s ports. This
may also result in data reaching unintended receivers or serve as a gateway for DoS (Denial of
Service) attacks against all port-connected hosts. As is the case with unicast transmission, source
address “spoofing” can occur as well. If IPv4 multicast is not being used to discover HP devices, it is
recommended that it be disabled.
Link-Local Multicast Name Resolution Protocol (LLMNR)
In an IPv6 environment, link-local multicast name resolution (LLMNR), which is based on the domain
name system (DNS) packet format, is used to discover the link-local address of a newly added device.
Typically LLMNR is used when the DNS service is not available. Queries are sent to and received on
port 5355.
Link-local Multicast Name Resolution (LLMNR) is a relatively new protocol (defined in RFC 4795) and
a component of the zero-configuration-networking (zeroconf) methodology. Zeroconf is a
combination of specific technologies that can create a usable local network without manual operator
intervention or configuration. Zeroconf is built on three core technologies: assignment of numeric
network addresses for networked devices, automatic distribution and resolution of computer
hostnames, and automatic location of network services, such as printing devices. The goal of the
LLMNR protocol is to achieve name resolution where conventional DNS name resolution is not
possible.
The LLMNR protocol supports all current and future DNS formats, types, and classes, while operating
on a separate port. Think of LLMNR as an extra layer on top of DNS to help supplement and/or
replace the DNS process for LOCAL name resolution. LLMNR uses simple request and reply messages
similar to DNS, but on a different port (UDP port 5355) and with a different cache. Since LLMNR
only operates on the local link, it cannot be considered a substitute for DNS. Link-scope multicast
addresses are used to prevent LLMNR traffic from propagating across routers and potentially
flooding the network.
LLMNR queries can also be sent to a unicast address. For IPv4, the Responder listens to the link-scope
multicast address of 224.0.0.252. For IPv6, the Responder listens to the multicast address of
FF02::1:3.
LLMNR is a competing technology with mDNS, more commonly known as Bonjour. Bonjour,
previously known as Rendezvous, has been promoted and primarily associated with Apple Inc.
products. The push for LLMNR support came from Microsoft’s Vista operating system. The main goal
of both technologies is to enable networking in the absence of configuration and administration.
Primary differences: Bonjour allows multiple questions to be asked per single query, but LLMNR does
not. Bonjour allows responses to be sent to a multicast address, but LLMNR only allows unicast
responses. On HP Jetdirect devices, LLMNR and mDNS are enabled by default.
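The following Python example is added here and is not part of the HP manual: it parses an LLMNR query in the DNS packet format described above and flags malformed ones, such as a query carrying more than one question. The packets and the hostname `printer01` are constructed samples, and rejecting label lengths above 63 in the question name is this example's own choice.

```python
import ipaddress
import struct

LLMNR_PORT = 5355  # UDP port given in the text
LLMNR_GROUPS = {ipaddress.ip_address(a) for a in ("224.0.0.252", "ff02::1:3")}

def is_llmnr_multicast(dst_ip: str, dst_port: int) -> bool:
    return dst_port == LLMNR_PORT and ipaddress.ip_address(dst_ip) in LLMNR_GROUPS

def parse_llmnr_query(data: bytes) -> dict:
    """Parse one LLMNR query (DNS wire format); raise ValueError if malformed."""
    if len(data) < 12:
        raise ValueError("shorter than the 12-byte DNS-style header")
    txid, flags, qdcount = struct.unpack("!3H", data[:6])
    if flags & 0x8000:
        raise ValueError("QR bit set: a response, not a query")
    if qdcount != 1:
        raise ValueError(f"QDCOUNT={qdcount}: LLMNR carries exactly one question")
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("name runs past end of packet")
        length = data[pos]
        pos += 1
        if length == 0:  # root label ends the name
            break
        if length > 63:  # example's choice: no pointers or oversized labels here
            raise ValueError("invalid label length in question name")
        if pos + length > len(data):
            raise ValueError("label runs past end of packet")
        labels.append(data[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(data):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, qclass = struct.unpack("!2H", data[pos:pos + 4])
    return {"id": txid, "name": ".".join(labels), "qtype": qtype, "qclass": qclass}

def verdict(data: bytes) -> str:
    """Return 'ok' or 'malformed: <reason>', suitable for a log line or alert."""
    try:
        parse_llmnr_query(data)
    except ValueError as exc:
        return f"malformed: {exc}"
    return "ok"

# Constructed sample packets (not captured traffic); "printer01" is a made-up hostname.
GOOD = struct.pack("!6H", 0x1A2B, 0, 1, 0, 0, 0) + b"\x09printer01\x00" + struct.pack("!2H", 1, 1)
TWO_QUESTIONS = GOOD[:4] + struct.pack("!H", 2) + GOOD[6:]  # QDCOUNT forced to 2
TRUNCATED = GOOD[:17]                                       # cut off inside the name
```

Calling `verdict()` on each payload seen on UDP 5355 gives a per-packet reason string that can be counted or alerted on.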
LLMNR security vulnerabilities mostly fall into the category of disrupting production. Malformed
requests or modified broadcast queries to port 5355 could cause DoS (Denial of Service) attacks if an
attacker gained access to the network. If LLMNR is required in the print environment, firewall best