Disabling LLMNR and NBNS

nebula105
Hey guys!

So, my org recently underwent a network pentest and one of the findings was that we were vulnerable to Responder, thanks to LLMNR being enabled.

I would just like to know, have any of you disabled LLMNR and NBNS in your environment?

After disabling LLMNR and/or NBNS, have you noticed any impact on your connectivity?

Looking forward to your replies and advice :)


    gespenstern
    Pretty much safe to disable (and as a bonus gets rid of a significant portion of the network noise).

    Unless you run legacy 20+ year old network applications relying on broadcasts.

    NBNS isn't to blame, NBNS broadcasts are to blame. Unicasts towards WINS (if you still run it) should still be fine and not "responderable".

    Another anti-responder option is to digitally sign SMB communications (it has been around since the nineties and is supported by everything).

    In modern enterprise networks everything relies (or at least should) on DNS. Anyway, we disabled this in a ~20K employee international network and didn't break anything major.
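
A read-only check of the three settings discussed in this thread (LLMNR, NetBIOS over TCP/IP, SMB signing), as an added example that is not part of either post. It assumes a Windows host with the built-in SMB cmdlets and an elevated PowerShell session; the registry locations are the standard Windows ones, not values taken from the thread, and the function names are hypothetical.

```powershell
# Added example: audit only, changes nothing on the host.

function Get-LlmnrState {
    # The "Turn off multicast name resolution" group policy writes EnableMulticast = 0.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
    $val = (Get-ItemProperty -Path $key -Name EnableMulticast -ErrorAction SilentlyContinue).EnableMulticast
    if ($val -eq 0) { 'Disabled by policy' } else { 'Enabled (policy not set or set to 1)' }
}

function Get-NetbiosState {
    # NetbiosOptions per interface: 0 = follow DHCP, 1 = enabled, 2 = disabled.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    Get-ChildItem -Path $base | ForEach-Object {
        $opt = (Get-ItemProperty -Path $_.PSPath -Name NetbiosOptions -ErrorAction SilentlyContinue).NetbiosOptions
        $state = if ($opt -eq 2) { 'Disabled' } elseif ($opt -eq 1) { 'Enabled' } else { 'Default (follows DHCP)' }
        [pscustomobject]@{ Interface = $_.PSChildName; NetbiosOptions = $opt; State = $state }
    }
}

function Get-SmbSigningState {
    # RequireSecuritySignature = True means unsigned SMB sessions are refused.
    [pscustomobject]@{
        ServerRequiresSigning = (Get-SmbServerConfiguration).RequireSecuritySignature
        ClientRequiresSigning = (Get-SmbClientConfiguration).RequireSecuritySignature
    }
}

# Collect anything that still leaves the host answering or trusting broadcast name resolution.
$findings = @()
if ((Get-LlmnrState) -notlike 'Disabled*') { $findings += 'LLMNR is not disabled by policy' }
$nb = @(Get-NetbiosState | Where-Object { $_.State -ne 'Disabled' })
if ($nb.Count -gt 0) { $findings += "NetBIOS over TCP/IP not disabled on $($nb.Count) interface(s)" }
$smb = Get-SmbSigningState
if (-not $smb.ServerRequiresSigning) { $findings += 'SMB server does not require signing' }
if (-not $smb.ClientRequiresSigning) { $findings += 'SMB client does not require signing' }

"LLMNR: $(Get-LlmnrState)"
Get-NetbiosState | Format-Table -AutoSize
$smb | Format-List
if ($findings.Count -eq 0) { 'No findings.' } else { $findings | ForEach-Object { "FINDING: $_" } }
```

Running it before and after the change on a pilot group of machines gives a baseline for the connectivity impact the original question asks about.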
