How to stop mdns request traffic on WAN ?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

How to stop mdns request traffic on WAN ?

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
How to stop mdns request traffic on WAN ?
How to stop mdns request traffic on WAN ?
2021-05-07 01:06:13 - last edited 2021-05-07 19:45:51
Model: Archer A20  
Hardware Version: V3
Firmware Version: 1.0.3 Build 20191026 rel.16299(5553)

My configuration is  Cable modem -> switch -> Router -> Lan.

 

When I monitor the traffic by mirroring the  modem <-> router traffic I notice that the router

is publishing my LAN network map via in-addr MDNS requests to port 5353.  Besides being

a security / privacy leak I'm a bit nervous about what happens if someone answers ....

 

 

Two questions:

 

1) Does this traffic originate with the router or is the router forwarding multicast from lan to wan ?

 

2) How do I disable it ?  I don't need this traffic on my lan so either completely off or just not to WAN would be fine.

 

Update:   Realized that since this is multicast it is easier to see without port mirroring if I just disable

igmp_snooping on the switch.  Censored output but notice tp-link is sending out local lan host list once every 10 seconds.

 

login@hidden:~# tcpdump  -i eth0.2 not arp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
10:25:38.031750 IP <A20 public IP>.49005 > 224.0.0.251.5353: 9018 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:38.071383 IP <A20 public IP>.37574 > 224.0.0.251.5353: 9019 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:38.101449 IP <A20 public IP>.56610 > 224.0.0.251.5353: 9020 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:38.151282 IP <A20 public IP>.60249 > 224.0.0.251.5353: 9021 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:38.181455 IP <A20 public IP>.38214 > 224.0.0.251.5353: 9022 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:38.241467 IP <A20 public IP>.39804 > 224.0.0.251.5353: 9023 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:38.270186 IP <A20 public IP>.51253 > 224.0.0.251.5353: 9024 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:38.331354 IP <A20 public IP>.55794 > 224.0.0.251.5353: 9025 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:38.361465 IP <A20 public IP>.42825 > 224.0.0.251.5353: 9026 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:38.411493 IP <A20 public IP>.34848 > 224.0.0.251.5353: 9027 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:38.441535 IP <A20 public IP>.38812 > 224.0.0.251.5353: 9028 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.381382 IP <A20 public IP>.53748 > 224.0.0.251.5353: 9029 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.401440 IP <A20 public IP>.52882 > 224.0.0.251.5353: 9030 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.441549 IP <A20 public IP>.51232 > 224.0.0.251.5353: 9031 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.461451 IP <A20 public IP>.43853 > 224.0.0.251.5353: 9032 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.501469 IP <A20 public IP>.57395 > 224.0.0.251.5353: 9033 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:49.521442 IP <A20 public IP>.38496 > 224.0.0.251.5353: 9034 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:49.561453 IP <A20 public IP>.36880 > 224.0.0.251.5353: 9035 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:49.581458 IP <A20 public IP>.53261 > 224.0.0.251.5353: 9036 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:49.620229 IP <A20 public IP>.53736 > 224.0.0.251.5353: 9037 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:49.641491 IP <A20 public IP>.39542 > 224.0.0.251.5353: 9038 PTR (QM)? x.x.168.192.in-addr.arpa. (43)
10:25:49.681477 IP <A20 public IP>.35211 > 224.0.0.251.5353: 9039 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.701082 IP <A20 public IP>.60462 > 224.0.0.251.5353: 9040 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.741458 IP <A20 public IP>.56832 > 224.0.0.251.5353: 9041 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.761452 IP <A20 public IP>.57275 > 224.0.0.251.5353: 9042 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.801513 IP <A20 public IP>.60933 > 224.0.0.251.5353: 9043 PTR (QM)? x.x.168.192.in-addr.arpa. (44)
10:25:49.821521 IP <A20 public IP>.44895 > 224.0.0.251.5353: 9044 PTR (QM)? x.x.168.192.in-addr.arpa. (44)

 

Can't see unicast on the LAN but all I notice for multicast is chromcast broadcasts on a 30 second repeat and a machine that needs to have itunes removed broadcasting once every 5 minutes or so.  The only queries are for _google and _android addresses so I don't see why they would trigger wan in-addr.arpa.

 

  0      
  0      
#1
Options

Information

Helpful: 0

Views: 1560

Replies: 0

Related Articles