LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 05-27-2012, 12:22 AM   #1
amboxer21
Member
 
Registered: Mar 2012
Location: New Jersey
Distribution: Gentoo
Posts: 281

Rep: Reputation: Disabled
multicast dns


UDP port 5353 is open on my computer. Do I need this port open? I know what dns is but have no idea what a multicast DNS is. I assume it is something of a group like nature.

My network has been very laggish and connections often timeout.

Apparently I cannot block access to this port lol I know that my computer needs the dns in order to access the web but I always thought by default it used port 53. Not port 5353. I did not change it from 53 to 5353. How can I change it back?

Last edited by amboxer21; 05-27-2012 at 12:57 AM.
 
Old 05-27-2012, 11:29 AM   #2
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 3,910

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
Quote:
Originally Posted by amboxer21 View Post
UDP port 5353 is open on my computer. Do I need this port open? I know what dns is but have no idea what a multicast DNS is. I assume it is something of a group like nature.
mDNS isn't really that like DNS; it uses a DNS-like protocol, although it is broadcast from devices advertising their capabilities. It also has a variety of names. Avahi, Bonjour and others are all implementations of broadly the same thing, although different versions may have slightly different capabilities.

You may not need any of this if you have configured all of the networking stuff (router, printer, file server...whatever is relevant) manually, but, if you are relying on automatic configuration of any of this stuff, it'll stop wotking once you block this protocol.

Quote:
Originally Posted by amboxer21 View Post
My network has been very laggish and connections often timeout.
What have you done to pin this down? It really shouldn't have anything to do with mDNS unless eg, the primary DNS server is set to something that doesn't exist (or is only intermittently accessible), and you are falling over from the primary to the secondary.

Mind you, that can be done without mDNS, so0 it is still not clear that mDNS is the only possible cause.

Quote:
Originally Posted by amboxer21 View Post
Apparently I cannot block access to this port lol I know that my computer needs the dns in order to access the web but I always thought by default it used port 53. Not port 5353. I did not change it from 53 to 5353. How can I change it back?
I don't know why you can't block this port. What iptables rules did you use, there might have been an error?

The default for dns is port 53. You probably haven't changed that, but that's unconnected with mDNS (although, if something that doesn't listen on 53 uses mDNS to tell the rest of the network that it does listen on port 53, that could be problematic, but you don't need to block mDNS to cure that, just configure the devices that advertise resources to advertise them correctly).
 
Old 05-28-2012, 06:48 PM   #3
amboxer21
Member
 
Registered: Mar 2012
Location: New Jersey
Distribution: Gentoo
Posts: 281

Original Poster
Rep: Reputation: Disabled
I tried blocking port 5353 but I guess that's the DNS my laptop is using. I used iptables -A INPUT -p udp -j DROP to drop all incoming I reset my iptables then rebooted. I was not able access the net.

My DNS originally was bound to tcp port 53. Then all of the sudden a local server on port 53 appeared. Now its gone and 5353 is open on the udp side. How do I manually change it back? What file do I have to edit?
 
Old 09-24-2012, 06:00 PM   #4
m0be
LQ Newbie
 
Registered: Oct 2011
Posts: 2

Rep: Reputation: Disabled
This sounds like IP6 to me. It does use Multicasting, with such a large address space to consider. Check to see how this is implemented, does your local router have this enabled? My2cents
 
Old 09-24-2012, 06:05 PM   #5
amboxer21
Member
 
Registered: Mar 2012
Location: New Jersey
Distribution: Gentoo
Posts: 281

Original Poster
Rep: Reputation: Disabled
I think this is when I was running 12.xx. I have been using Lubuntu recently. My laptop crapped out and I had to buy a new one. I really didn't feel like installing Arch again. But I upgraded from 11.10 to 12.04 and the port 5353 was open once again. I think it has something to do with how 12 is set up. I reinstalled 11.10 and stuck with it. No more open port 5353.

Anyway, my wireless drivers dont agree with the newer kernel. I will never ever buy a Toshiba again. Thanks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IPv6 multicast listener on a Linux box acting as multicast router maxtux Linux - Networking 0 04-01-2012 09:52 AM
Win2k3 DNS + PFsense DNS Forwarder = No internal DNS resolution Panopticon Linux - Networking 1 11-19-2007 09:59 PM
Multicast vprakash Linux - Networking 0 09-19-2007 07:07 AM
Can I Multicast? donbellioni Linux - Networking 1 09-16-2005 01:36 PM
multicast WiWa Linux - Software 0 02-17-2004 04:27 PM


All times are GMT -5. The time now is 02:06 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration