LLMNR
Definition
Link-Local Multicast Name Resolution (LLMNR) is a protocol used in Windows environments to resolve hostnames to IP addresses on a local network without the need for a DNS server. It operates similarly to DNS but sends its queries as multicast packets that any host on the same link can answer, which exposes it to spoofing attacks. LLMNR is used as a fallback when DNS cannot resolve a name, but its use is generally discouraged in secure environments because of these risks.
Secure Settings Example
To disable LLMNR on a Windows machine, you can configure the following Group Policy setting:
# Open Group Policy Editor and navigate to:
# Computer Configuration -> Administrative Templates -> Network -> DNS Client
# Set the following policy:
"Turn off multicast name resolution" = Enabled
Insecure Settings Example
An insecure configuration would be leaving LLMNR enabled, which is often the default setting on Windows machines:
# LLMNR is enabled by default, which can be insecure:
# No specific configuration needed, as it is enabled by default.
# This allows potential attackers to exploit LLMNR for spoofing attacks.
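The following PowerShell script is an added example, not part of the original page: it audits whether the "Turn off multicast name resolution" policy described in the Secure Settings Example is in effect (the Insecure Settings default shows up as NotConfigured) and applies it where it is missing. It assumes the registry location that backs that Group Policy setting (HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient, DWORD EnableMulticast = 0) and an elevated PowerShell session.

```powershell
# Added example: audit and harden the LLMNR policy on the local machine.
# Assumption: the Group Policy "Turn off multicast name resolution" is stored
# under this registry path as the DWORD value EnableMulticast (0 = LLMNR off).
$PolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient'
$ValueName  = 'EnableMulticast'

function Get-LlmnrState {
    # Returns 'Disabled', 'Enabled' or 'NotConfigured'.
    # NotConfigured means no policy is set, i.e. the Windows default (LLMNR on).
    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    if ($item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Llmnr {
    # Creates the policy key if it does not exist and sets EnableMulticast = 0,
    # which is what enabling the "Turn off multicast name resolution" policy does.
    if (-not (Test-Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    Set-ItemProperty -Path $PolicyPath -Name $ValueName -Value 0 -Type DWord
}

# Audit first, then remediate only when LLMNR is not already disabled by policy.
$before = Get-LlmnrState
Write-Host "LLMNR policy before: $before"
if ($before -ne 'Disabled') {
    Disable-Llmnr
    Write-Host "LLMNR policy after:  $(Get-LlmnrState)"
}
```

Run the audit part alone (call Get-LlmnrState) across a fleet to find hosts still on the insecure default before rolling out the policy change.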