Options
Disabling LLMNR and NBNS
Hey guys!
So, my org recently underwent a network pentest and one of the findings was that we were vulnerable to Responder, thanks to LLMNR being enabled.
I would just like to know, have any of you disabled LLMNR and NBNS in your environment?
After disabling LLMNR and/or NBNS, have you noticed any impact on your connectivity?
Looking forward to your replies and advice
So, my org recently underwent a network pentest and one of the findings was that we were vulnerable to Responder, thanks to LLMNR being enabled.
I would just like to know, have any of you disabled LLMNR and NBNS in your environment?
After disabling LLMNR and/or NBNS, have you noticed any impact on your connectivity?
Looking forward to your replies and advice
Comments
-
Options
gespenstern
Member Posts: 1,243 ■■■■■■■■□□
Pretty much safe to disable (and as a bonus gets rid of a significant portion of the network noise).
Unless you run legacy 20+ year old network applications relying on broadcasts.
NBNS isn't to blame, NBNS broadcasts are to blame. Unicasts towards WINS (if you still run it) should still be fine and not "responderable".
Another anti-responder option is to digitally sign SMB communications (was around since nineties and supported by everything).
In modern enterprise networks everything relies (or at least should) on DNS. Anyway, we disabled this in a ~20K employee international network and didn't break anything major.