2 Poisoning LLMNR NBT NS MDNS
lgandx edited this page 2021-04-19 23:14:37 -03:00

Responder's Poisoners

Responder has several poisoners listening and effectively poisoning any target that issues a lookup.

  • NetBIOS Name Service (NBT-NS): Windows uses the NetBIOS Name Service to locate a workstation or server that is found neither in /etc/hosts nor via DNS. The maximum query length is 16 chars (the NetBIOS name), which is followed by a name suffix used to identify the type of service requested (server, workstation, etc.). All queries are sent as broadcasts; anyone with an answer can respond and resolve the query. This protocol dates from 1984 and is still in use by default on all Windows versions.

  • Link-Local Multicast Name Resolution (LLMNR): Introduced in 2006 in Windows Vista, this multicast protocol is used to resolve local names with no TLD such as "ThisIsALongerNameThanSixteenChars". Anyone with an answer can respond and resolve the query.

  • Multicast DNS (MDNS): First implemented in Apple Bonjour and then in most Linux distributions, it finally made its way to Windows 10. This protocol is very similar to LLMNR, but it resolves local names with a .local TLD.
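
To make the NBT-NS item above concrete from a monitoring standpoint, the following added example (not part of Responder or of this wiki page) decodes the queried name and its suffix from a UDP/137 name query, which is what a defender needs to see which names hosts are broadcasting. It assumes RFC 1001/1002 first-level encoding, in which the 16-byte name field carries the space-padded name with the suffix in its last byte; the function names and the sample packet are constructed for illustration.

```python
import struct

# Common NetBIOS name suffixes (last byte of the 16-byte name field).
SUFFIXES = {0x00: "workstation", 0x20: "file server",
            0x1B: "domain master browser", 0x1C: "domain controllers"}

def encode_name(name: str, suffix: int) -> bytes:
    """First-level encode: pad to 15 bytes, append suffix, one letter per nibble."""
    raw = name.upper().encode("ascii")[:15].ljust(15, b" ") + bytes([suffix])
    return bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_name(encoded: bytes):
    """Reverse first-level encoding; return (name, suffix byte)."""
    if len(encoded) != 32 or any(not 0x41 <= b <= 0x50 for b in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                for i in range(0, 32, 2))
    return raw[:15].decode("ascii", "replace").rstrip(" "), raw[15]

def parse_query(packet: bytes) -> dict:
    """Parse a UDP/137 payload; raise ValueError unless it is a name query."""
    if len(packet) < 12 + 1 + 32 + 1 + 4:
        raise ValueError("too short for an NBT-NS question")
    txid, flags, qdcount = struct.unpack(">HHH", packet[:6])
    # Bit 15 = response, bits 14-11 = opcode (0 is query).
    if flags & 0x8000 or (flags >> 11) & 0xF != 0 or qdcount != 1:
        raise ValueError("not a name query request")
    # Length byte must be 0x20 and the name must end without a scope label.
    if packet[12] != 0x20 or packet[45] != 0x00:
        raise ValueError("unexpected name length or scope")
    name, suffix = decode_name(packet[13:45])
    qtype, _qclass = struct.unpack(">HH", packet[46:50])
    return {"txid": txid, "broadcast": bool(flags & 0x0010), "name": name,
            "suffix": suffix, "service": SUFFIXES.get(suffix, "other"),
            "qtype": qtype}

# Constructed sample: broadcast query for FILESRV01<20>, type NB (0x0020), class IN.
SAMPLE = (struct.pack(">HHHHHH", 0xBEEF, 0x0110, 1, 0, 0, 0) + b"\x20"
          + encode_name("FILESRV01", 0x20) + b"\x00" + struct.pack(">HH", 0x0020, 1))

if __name__ == "__main__":
    print(parse_query(SAMPLE))
```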