Automatic DNS registration and autodiscovery boots up cyber attacks – Sep 2018

Have a look back of the LLMNR technical feature, NetBIOS and Link-Local Multicast Name Resolution (LLMNR) are Microsoft’s name resolution protocols for workgroups and domains designed primarily for name resolution in the LAN. When DNS resolution fails, Windows systems use NetBIOS and LLMNR to search for names. These protocols are designed only for local connections. Above netbios and LLMNR features seems not only provides function to computer user. Meanwhile it allow hacker to re-engineering of this function. Threat actors can spoof an authoritative source for name resolution on a victim network by responding to LLMNR (UDP 5355)/NBT-NS (UDP 137) traffic as if they know the identity of the requested host, effectively poisoning the service so that the victims will communicate with the adversary controlled system.

New vulnerability found on both automatic DNS registration and auto discovery function. UC-CERT announcement aim to alert the world staying alert of these design weakness. For more details, please see below: