Bitcoin Forum
Topic: potential Multicast DNS vulnerability.
calkob (OP)
January 16, 2020, 02:36:13 PM
Merited by ABCbits (1)
 #1

I set up a node running over Tor last week and am now receiving a message from my ISP that I am vulnerable to a potential Multicast DNS vulnerability. I have read that this is something to do with using 127.0.0.1 but don't really get why. Anyone understand what's going on here?

I have put the text from the ISP provider below for reference.


Letter Text

Your home devices could be at risk

We're writing to let you know that a device connected to your home network has been identified as having a potential Multicast DNS vulnerability.

Multicast DNS is commonly used to share music and video streaming services between devices on your home network. When exposed to the wider Internet, it can be misused by 3rd parties in order to commit abuse.

It is therefore important that you follow the advice in this letter.

What has happened?

We suspect the device may have been misconfigured by you, someone in your household or without your knowledge. If the settings are left unchanged they can be exploited to unwittingly participate in malicious activities, for example a Distributed Denial of Service (DDoS) attack.
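
An added example, not part of any post in this thread: one way to list which processes on a Linux host listen on UDP 5353 (the mDNS port) and whether each socket is bound to a loopback address such as 127.0.0.1 or to all interfaces. It classifies lines of `ss -H -ulnp` output; the function names and the sample lines are constructed for illustration.

```python
import ipaddress
import subprocess

MDNS_PORT = 5353  # UDP port used by Multicast DNS (RFC 6762)

# Constructed sample of `ss -H -ulnp` output, not taken from the thread.
SAMPLE = """\
UNCONN 0 0 0.0.0.0:5353 0.0.0.0:* users:(("avahi-daemon",pid=612,fd=12))
UNCONN 0 0 127.0.0.1:5353 0.0.0.0:* users:(("chrome",pid=2201,fd=88))
UNCONN 0 0 [::]:5353 [::]:* users:(("avahi-daemon",pid=612,fd=13))
UNCONN 0 0 192.168.1.20%eth0:5353 0.0.0.0:* users:(("systemd-resolve",pid=401,fd=14))
UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=401,fd=12))
"""

def classify(addr):
    """Say how widely a bind address is reachable from the host's interfaces."""
    host = addr.split("%")[0].strip("[]")  # drop %iface scope and IPv6 brackets
    if host == "*":                        # ss prints '*' for a dual-stack wildcard
        return "all-interfaces"
    ip = ipaddress.ip_address(host)
    if ip.is_loopback:
        return "loopback-only"
    if ip.is_unspecified:                  # 0.0.0.0 or ::
        return "all-interfaces"
    return "single-address"

def mdns_listeners(ss_output):
    """Return (process, bind address, scope) for every UDP 5353 listener."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == "udp":  # some ss versions add a Netid column
            fields = fields[1:]
        if len(fields) < 5:
            continue
        addr, _, port = fields[3].rpartition(":")
        if port != str(MDNS_PORT):
            continue
        has_proc = len(fields) > 5 and '"' in fields[5]  # needs root for other users' sockets
        proc = fields[5].split('"')[1] if has_proc else "?"
        found.append((proc, addr, classify(addr)))
    return found

if __name__ == "__main__":
    try:
        out = subprocess.run(["ss", "-H", "-ulnp"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE  # fall back to the constructed sample when ss is unavailable
    for proc, addr, scope in mdns_listeners(out):
        print(f"{proc:20} {addr:25} {scope}")
```

A wildcard bind becomes an Internet exposure only if the router forwards UDP 5353 to that host or the host sits directly on a public address, so the router and firewall rules need checking as well.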
AdolfinWolf
January 16, 2020, 03:36:39 PM
Last edit: January 16, 2020, 04:53:29 PM by AdolfinWolf
Merited by ABCbits (1)
 #2

Quote: "We suspect the device may have been misconfigured by you, someone in your household or without your knowledge. If the settings are left unchanged they can be exploited to unwittingly participate in malicious activities, for example a Distributed Denial of Service (DDoS) attack."
I'm not sure if this is 100% the case here; but often when people do things such as running nodes on their home network (and especially anything to do with Tor / other "nefarious" traffic) - these are sent out in "error" -

they simply see a huge influx of traffic going through your network, due to the node you have running over Tor, and because it's running over Tor, it's often seen by the internet provider as "malicious" traffic. Hence, they ask you to close your ports, and check your firewall, as is mentioned here: https://www.virginmedia.com/help/multicast-dns-vulnerability-alert

You could try to do so (and by that I mean fixing the multicast "vulnerability") but I'm afraid you'll break your node in the process of doing so. (As running your node is most likely what sent out the warning in the first place; but, as I said, I'm not 100% sure.)


DaveF
January 16, 2020, 10:56:59 PM
 #3

You did not say where you are or who your provider is but:
Is your modem / router whatever provided by you or your ISP?
If not what is the make / model?

Same with your router / firewall. Yours or theirs?
If yours make / model?

If they supplied it, it's their problem; if you did, that is usually the device they see.

Moving into your network have you added anything? Wi-Fi speakers that were a Christmas gift?
Other things? Smart bulb controller?

PDF talking about it (long read) https://tinyurl.com/sqsczcz

-Dave

calkob (OP)
January 17, 2020, 10:07:01 AM
 #4

Thanks for the replies guys, much appreciated. I am certain that the problem is due to the Tor node but was just looking to see if anyone else had experience in why this would be.

Cheers
calkob (OP)
January 24, 2020, 02:26:25 PM
 #5

Thanks, just as I thought. ;)