Men & Mice Webinar Trilogy
Rethinking Name Resolution
in Local Networks
Local Name Resolution in Windows Networks
Local Name Resolution in
Windows Networks
• Microsoft operating systems have a long history of local
name resolution solutions, from NetBIOS over WINS to the
LLMNR and PNRP protocols today.
• In this webinar we will take a look at PNRP and LLMNR and
how these protocols can be used to have server-less name
resolution without a centralised DNS infrastructure.
LLMNR
Link-Local Multicast Name Resolution
LLMNR
• LLMNR provides serverless name resolution on the local
link ( = inside the same local subnet)
• LLMNR has been documented as an informational RFC by the
IETF in RFC 4795 (January 2007)
https://www.ietf.org/rfc/rfc4795.txt
LLMNR
• On the wire, LLMNR works very similarly to DNS
• But queries are not sent to a DNS resolver, but instead
to all hosts in the local subnet that have subscribed to
the LLMNR multicast address
• LLMNR operates on Port 5355
• IPv4 multicast address: 224.0.0.252
• IPv6 multicast address: ff02::1:3
LLMNR
• LLMNR only operates on short, single label names
• A host with the DNS name "windowspc.home.arpa."
has the LLMNR name "windowspc"
LLMNR
• LLMNR can be used on the command line …
ping windowspc
• … as well as in graphical applications. Some applications, like
web browsers, assume multi-label hostnames (with at least one dot
"." in the name).
• A single-label name is often seen as a search request.
• To use LLMNR single-label names in a browser, enclose the
name in a proper URL, like:
http://windowspc/
LLMNR
• Every modern Windows System (Client, Server) will send
LLMNR requests to the network
• But only Systems with enabled "Network Discovery" will
listen for LLMNR queries and answer
• Network Discovery is disabled for Networks of type
"public" and "work" and must be manually enabled to
work in these environments
LLMNR
• The state of LLMNR name resolution can be queried from
NetShell (netsh)
netsh dnsclient show state
LLMNR
• Sending LLMNR requests can be disabled via a group
policy
Group Policy > Computer Configuration > Administrative Templates > Network > DNS Client > Turn off Multicast Name Resolution
(Enabled = Don’t use LLMNR, Disabled = Use LLMNR)
LLMNR
• LLMNR requests can also be controlled locally using a
registry key
• Path: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient
• Key: EnableMulticast
• Type: REG_DWORD
• Values: 0 == Disabled / 1 == Enabled
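One way to audit and, on request, enforce the registry setting above. This is an added example, not part of the original slides; the function names Get-LlmnrPolicyState and Disable-Llmnr and the -Enforce switch are hypothetical helpers.

```powershell
# Added example: audit (and with -Enforce, set) the LLMNR policy value.
# Get-LlmnrPolicyState and Disable-Llmnr are hypothetical helper names.
# Writing under HKLM requires an elevated PowerShell session.
param([switch]$Enforce)

$PolicyPath = 'HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient'
$ValueName  = 'EnableMulticast'

function Get-LlmnrPolicyState {
    # Returns 'Disabled', 'Enabled' or 'NotConfigured'.
    # NotConfigured means the policy value is absent, so the Windows
    # default applies and the client sends LLMNR requests.
    if (-not (Test-Path -Path $PolicyPath)) { return 'NotConfigured' }

    $item = Get-ItemProperty -Path $PolicyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }

    if ($item.$ValueName -eq 0) { return 'Disabled' }
    return 'Enabled'
}

function Disable-Llmnr {
    # Writes EnableMulticast = 0 (REG_DWORD), the value the slide lists
    # as "Disabled". The key is created first if it does not exist.
    if (-not (Test-Path -Path $PolicyPath)) {
        New-Item -Path $PolicyPath -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyPath -Name $ValueName `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

$state = Get-LlmnrPolicyState
Write-Output "LLMNR policy state before: $state"

if ($Enforce -and $state -ne 'Disabled') {
    Disable-Llmnr
    Write-Output "LLMNR policy state after:  $(Get-LlmnrPolicyState)"
}

# Cross-check with the DNS client's own view (command from the earlier slide).
netsh dnsclient show state
```

A domain Group Policy that configures the same setting overwrites the local value at the next policy refresh, so on domain-joined machines the group policy shown earlier is the place to set it.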
LLMNR
• LLMNR name resolution can be tested with the
"Resolve-DnsName" PowerShell cmdlet and the
"-LlmnrOnly" parameter
Demo
LLMNR security
• Like plain old DNS, LLMNR is not authenticated (no DNSSEC)
• LLMNR responses can be spoofed by an attacker on the local
network
• Use of LLMNR is dangerous on public (Wifi, Hotel, Airport …) networks
• Blog post on a possible attack using LLMNR: "How to get Windows to
give you credentials through LLMNR":
https://www.pentestpartners.com/security-blog/how-to-get-windows-to-give-you-credentials-through-llmnr/
• Ready-to-use LLMNR spoofing tools exist, like "Inveigh"
https://github.com/Kevin-Robertson/Inveigh
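A defensive check built on the "Resolve-DnsName -LlmnrOnly" test from the earlier slide. This is an added example, not part of the original slides; New-CanaryName and Test-LlmnrSpoofing are hypothetical helper names. It asks for random names that no host owns, so any answer points to a host on the link that responds to every LLMNR query.

```powershell
# Added example: LLMNR canary probe for detecting a spoofing responder.
# New-CanaryName and Test-LlmnrSpoofing are hypothetical helper names.
# Run from a host whose LLMNR client is still enabled (a monitoring box),
# because a host with EnableMulticast = 0 will not send the probes.

function New-CanaryName {
    # Random 12-letter single label. LLMNR only handles single-label
    # names, and a random label should not belong to any real host.
    -join (1..12 | ForEach-Object {
        [char](Get-Random -Minimum 97 -Maximum 123)   # 'a'..'z'
    })
}

function Test-LlmnrSpoofing {
    param(
        [int]$Probes = 3   # number of distinct random names to ask for
    )

    $hits = foreach ($i in 1..$Probes) {
        $name = New-CanaryName
        try {
            # -LlmnrOnly keeps the lookup on the local link: no DNS, no NetBIOS.
            $answers = Resolve-DnsName -Name $name -LlmnrOnly -ErrorAction Stop
            foreach ($a in $answers) {
                [pscustomobject]@{
                    Time   = Get-Date
                    Query  = $name
                    Type   = $a.Type
                    Answer = $a.IPAddress
                }
            }
        }
        catch {
            # Nobody claimed the name: the expected result on a clean link.
        }
    }
    return @($hits)
}

$result = Test-LlmnrSpoofing -Probes 3
if ($result.Count -gt 0) {
    Write-Warning "A host answered LLMNR queries for names that do not exist."
    $result | Format-Table -AutoSize
}
else {
    Write-Output "No LLMNR answers for the canary names."
}
```

The addresses in the Answer column are what the responder claimed the name resolves to, which is where a client would have been redirected. An empty result only shows that nothing answered these particular probes.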
PNRP
Peer Name Resolution Protocol
PNRP
• PNRP is a Peer-to-Peer name resolution protocol designed
by Microsoft
• The PNRP specification is open[1], but so far, only Windows
Systems since Windows Vista implement this protocol
• PNRP requires IPv6 to work, but on an IPv4 only network,
the Windows system will automatically create a Teredo
IPv6-over-IPv4 tunnel to make PNRP work
• PNRP can resolve IPv6 and IPv4 addresses
[1] https://msdn.microsoft.com/en-us/library/cc239047.aspx
PNRP cloud
• PNRP is implemented as multiple distributed hash tables
(DHT)[1]
• Every PNRP node "knows" the addresses of its
"neighbours" in the PNRP cloud
• By default, a local and a public (global) PNRP-Cloud exists
[1] https://en.wikipedia.org/wiki/Distributed_hash_table
PNRP addresses
• PNRP addresses are calculated from a human friendly
name (Classifier) and (optionally) a cryptographic key
(Authority)
• The cryptographic key can be zero ("0") for "no key", which
makes the resulting PNRP-name human-friendly but
insecure
• When using a real cryptographic key, the PNRP client can
verify that the resolved name is really the intended one
(and not a spoofed address)
PNRP Addresses
PNRP-ID
• The PNRP-ID is generated as a hash of the P2P-ID and the
Service-Location. The Service-Location is a 128-bit value
that is derived from the host's IPv6 address
PNRP Ports
• PNRP uses UDP-Port 3450 for the PNRP communication
with the outside world
• For link-local communication, Port 1900 for the
Simple Service Discovery Protocol (SSDP) also needs to be
enabled
• In IPv4-only networks, Teredo needs to be permitted
through firewalls as well
• IPv6 via Teredo can be unstable, native IPv6 is preferred
Using PNRP
• NetShell can be used to check the state of the PNRP
clouds
• In this example, PNRP is not active
Using PNRP
• PNRP is now active on the Link-Local network, but there is
no connection to the outside (IPv6) PNRP-cloud
Using PNRP
• No connection to the outside world in an IPv4-only network
often is a problem with the Teredo protocol:
Seeding PNRP
• To be able to start PNRP name resolution, a Windows
system needs some PNRP hosts (peers) to communicate
• The initial list of peers is loaded from so-called "seed"
servers (pnrpv2.ipv6.microsoft.com and
pnrpv21.ipv6.microsoft.com)
• These names are resolved over classic DNS and are
only reachable via IPv6
• Seeding can be forced with
netsh p2p pnrp cloud synchronize seed <Cloud>
Register a name in PNRP
• PNRP does not auto-register names
• PNRP names can be registered for publication using
NetShell or the WindowsAPI
• NetShell example (Authority of "0" = insecure name):
netsh p2p pnrp peer add registration 0.mywebserver comment="Dev-Server"
Register a name in PNRP
• The tool "PNRP-Beacon"[1] can be used to register a
PNRP-name inside a GUI
[1] http://ftp.gwdg.de/pub/magazine/ct/listings/0904-098.zip
Registering PNRP names
• PNRP names registered as shown via NetShell or PNRP-Beacon
are not persistent
• They are gone after a reboot of the system
• Persistent PNRP names can be generated using the
Windows Internet Computer Name service (WICN)[1],
which can also be controlled via NetShell
netsh p2p pnrp peer set machinename name="0.mypnrpname" publish=start autopublish=enable
[1] https://technet.microsoft.com/en-us/library/bb962088.aspx
Registering PNRP names
• The status of the WICN service can be listed with
Register a name in PNRP
• The NetShell command "show names" will list all registered names on this host
Resolving a PNRP-Name
• PNRP names can be resolved via NetShell, the Windows API or
through the Windows DNS-Client
• The Windows DNS-Client will intercept all queries for domain names
that end in the domain pnrp.net and will send the query to the
PNRP subsystem
• This works best with insecure names (Authority "0")
• The PNRP name 0.mywebserver becomes the DNS-Name
mywebserver.pnrp.net
• Such a name is globally resolvable, and if the host has IPv6, it is also
reachable from the global Internet
Resolving a PNRP name
• PNRP names can also be resolved using NetShell with the
command
netsh p2p pnrp peer resolve <name>
Resolving a name in PNRP
• PNRP-Beacon can also be used to resolve names and to display
information about the remote machines (IPv4, IPv6 address,
Windows Version, CPU Count)
PNRP Traceroute
• NetShell offers a PNRP-Traceroute command to list the
PNRP-Peers used in name resolution
Demo
PNRP Security
• The Security of PNRP-Names without Authority (public key)
is similar to classic DNS
• These names are insecure and can be spoofed by
anyone in the PNRP cloud. This is actually intended by
the protocol, so that multiple hosts can announce the
same service
• PNRP-Names with public key are protected against
spoofing, however spoofing PNRP names, while hard, is
not impossible. When connecting to a sensitive service via
PNRP, additional authentication should be used
Next
Men & Mice Training
• Men & Mice DNS Trainings in 2018:
• DNS & BIND Fundamentals
• DNS & BIND Advanced
• DNS & BIND Week
• DNSSEC & BIND
• Planned dates for the courses in English language
• US East Coast - 2018-02-26
• Europe - 2018-04-09
• US West Coast - 2018-05-21
• Europe - 2018-06-25
http://menandmice.com/training
Men & Mice Training
• Training @ Linuxhotel Essen, Germany
• DNSSEC & DANE Training, 3 days: 19.03 - 21.03.18
• DNS & BIND, 3 days: 16.04 - 18.04.18
• DNS Sicherheit (DNS Security), 2 days: 19.04 - 20.04.18
• DNSSEC & DANE Training, 3 days: 04.06 - 06.06.18
• DNS & BIND, 3 days: 06.08 - 08.08.18
• DNS Sicherheit (DNS Security), 2 days: 09.08 - 10.08.18
http://linuxhotel.de/
Next Webinar
• Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD
and macOS/iOS
• Wednesday, 29th of November, 2017
• Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now
available on all systems from Cupertino.
• The focus of this webinar will be to take a deeper look into this local
name-resolution system and the implementations for other Unix systems like Linux and
FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the
Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how
well a Systemd-Linux behaves in heterogeneous networks running both Windows
and macOS.
• Join us for a 45-minute webinar with a Q&A session at the end, on Wednesday,
November 29th, 2017 at 4:00 PM CET / 3:00 PM GMT / 10:00 AM EDT / 7:00 AM PDT.
Fini - Q & A

Powerful Google developer tools for immediate impact! (2023-24 C)
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 

Part 2 - Local Name Resolution in Windows Networks

  • 1. Men & Mice Webinar Trilogy Rethinking Name Resolution in Local Networks Local Name Resolution in Windows Networks
  • 2. Local Name Resolution in Windows Networks
      • Microsoft operating systems have a long history of local name resolution solutions, from NetBIOS over WINS to the LLMNR and PNRP protocols today.
      • In this webinar we will take a look at PNRP and LLMNR and how these protocols can be used to have server-less name resolution without a centralised DNS infrastructure.
  • 4. LLMNR
      • LLMNR provides serverless name resolution on the local link (= inside the same local subnet)
      • LLMNR has been documented as an informational RFC by the IETF in RFC 4795 (January 2007)
          https://www.ietf.org/rfc/rfc4795.txt
  • 5. LLMNR
      • On the wire, LLMNR works very similarly to DNS
      • But queries are not sent to a DNS resolver, but instead to all hosts in the local subnet that have subscribed to the LLMNR multicast address
      • LLMNR operates on Port 5355
      • IPv4 multicast address: 224.0.0.252
      • IPv6 multicast address: ff02::1:3
  • 6. LLMNR
      • LLMNR only operates on short, single-label names
      • A host with the DNS name "windowspc.home.arpa." has the LLMNR name "windowspc"
  • 7. LLMNR
      • LLMNR can be used on the command line …
          ping windowspc
      • … as well as in graphical applications. Some applications, like web browsers, assume multi-label hostnames (with at least one dot "." in the name).
      • A single-label name is often seen as a search request.
      • To use LLMNR single-label names in a browser, enclose the name in a proper URL, like:
          http://windowspc/
  • 8. LLMNR
      • Every modern Windows system (client, server) will send LLMNR requests to the network
      • But only systems with enabled "Network Discovery" will listen for LLMNR queries and answer
      • Network Discovery is disabled for networks of type "public" and "work" and must be manually enabled to work in these environments
  • 9. LLMNR
      • The state of LLMNR name resolution can be queried from NetShell (netsh)
          netsh dnsclient show state
  • 10. LLMNR
      • Sending LLMNR requests can be disabled via a group policy
          Group Policy > Computer Configuration > Administrative Templates > Network > DNS Client > Turn off Multicast Name Resolution
          (Enabled = Don’t use LLMNR, Disabled = Use LLMNR)
  • 11. LLMNR
      • LLMNR requests can also be controlled locally using a registry key
      • Path: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient
      • Key: EnableMulticast
      • Type: REG_DWORD
      • Values: 0 == Disabled / 1 == Enabled
  • 12. LLMNR
      • LLMNR name resolution can be tested with the "Resolve-DnsName" PowerShell cmdlet and the "-LlmnrOnly" parameter
  • 13. Demo
  • 14. LLMNR security
      • Like plain old DNS, LLMNR is not authenticated (no DNSSEC)
      • LLMNR responses can be spoofed by an attacker on the local network
      • Use of LLMNR is dangerous on public (Wifi, Hotel, Airport …) networks
      • Blog post on a possible attack using LLMNR: "How to get Windows to give you credentials through LLMNR":
          https://www.pentestpartners.com/security-blog/how-to-get-windows-to-give-you-credentials-through-llmnr/
      • Ready-to-use LLMNR spoofing tools exist, like "Inveigh"
          https://github.com/Kevin-Robertson/Inveigh
  • 16. PNRP
      • PNRP is a peer-to-peer name resolution protocol designed by Microsoft
      • The PNRP specification is open[1], but so far, only Windows systems since Windows Vista implement this protocol
      • PNRP requires IPv6 to work, but on an IPv4-only network, the Windows system will automatically create a Teredo IPv6-over-IPv4 tunnel to make PNRP work
      • PNRP can resolve IPv6 and IPv4 addresses
      [1] https://msdn.microsoft.com/en-us/library/cc239047.aspx
  • 17. PNRP cloud
      • PNRP is implemented as multiple distributed hash tables (DHT)[1]
      • Every PNRP node "knows" the addresses of its "neighbours" in the PNRP cloud
      • By default, a local and a public (global) PNRP cloud exist
      [1] https://en.wikipedia.org/wiki/Distributed_hash_table
  • 18. PNRP addresses
      • PNRP addresses are calculated from a human-friendly name (Classifier) and (optionally) a cryptographic key (Authority)
      • The cryptographic key can be zero ("0") for "no key", which makes the resulting PNRP name human-friendly but insecure
      • When using a real cryptographic key, the PNRP client can verify that the resolved name is really the intended one (and not a spoofed address)
  • 20. PNRP-ID
      • The PNRP-ID is generated as a hash of the P2P-ID and the Service-Location. The Service-Location is a 128-bit value that is derived from the host's IPv6 address
  • 21. PNRP Ports
      • PNRP uses UDP port 3450 for the PNRP communication with the outside world
      • For link-local communication, port 1900 for the Simple Service Discovery Protocol (SSDP) also needs to be enabled
      • In IPv4-only networks, Teredo needs to be permitted through firewalls as well
      • IPv6 via Teredo can be unstable, native IPv6 is preferred
  • 22. Using PNRP
      • NetShell can be used to check the state of the PNRP clouds
      • In this example, PNRP is not active
  • 23. Using PNRP
      • PNRP is now active on the link-local network, but there is no connection to the outside (IPv6) PNRP cloud
  • 24. Using PNRP
      • No connection to the outside world in an IPv4-only network often is a problem with the Teredo protocol:
  • 25. Seeding PNRP
      • To be able to start PNRP name resolution, a Windows system needs some PNRP hosts (peers) to communicate with
      • The initial list of peers is loaded from so-called "seed" servers (pnrpv2.ipv6.microsoft.com and pnrpv21.ipv6.microsoft.com)
      • These names are resolved over classic DNS and are only reachable via IPv6
      • Seeding can be forced with
          netsh p2p pnrp cloud synchronize seed <Cloud>
  • 26. Register a name in PNRP
      • PNRP does not auto-register names
      • PNRP names can be registered for publication using NetShell or the Windows API
      • NetShell example (Authority of "0" = insecure name):
          netsh p2p pnrp peer add registration 0.mywebserver comment="Dev-Server"
  • 27. Register a name in PNRP
      • The tool "PNRP-Beacon"[1] can be used to register a PNRP name inside a GUI
      [1] http://ftp.gwdg.de/pub/magazine/ct/listings/0904-098.zip
  • 28. Registering PNRP names
      • PNRP names registered as shown via NetShell or PNRP-Beacon are not persistent
      • They are gone after a reboot of the system
      • Persistent PNRP names can be generated using the Windows Internet Computer Name service (WICN)[1], which can also be controlled via NetShell
          netsh p2p pnrp peer set machinename name="0.mypnrpname" publish=start autopublish=enable
      [1] https://technet.microsoft.com/en-us/library/bb962088.aspx
  • 29. Registering PNRP names
      • The status of the WICN service can be listed with
  • 30. Register a name in PNRP
      • The NetShell command "show names" will list all names registered on this host
  • 31. Resolving a PNRP-Name
      • PNRP names can be resolved via NetShell, the Windows API or through the Windows DNS client
      • The Windows DNS client will intercept all queries for domain names that end in the domain pnrp.net and will send the query to the PNRP subsystem
      • This works best with insecure names (Authority "0")
      • The PNRP name 0.mywebserver becomes the DNS name mywebserver.pnrp.net
      • Such a name is globally resolvable, and if the host has IPv6, it is also reachable from the global Internet
  • 32. Resolving a PNRP name
      • PNRP names can also be resolved using NetShell with the command
          netsh p2p pnrp peer resolve <name>
  • 33. Resolving a name in PNRP
      • PNRP-Beacon can also be used to resolve names and to display information about the remote machines (IPv4, IPv6 address, Windows version, CPU count)
  • 34. PNRP Traceroute
      • NetShell offers a PNRP traceroute command to list the PNRP peers used in name resolution
  • 35. Demo
  • 36. PNRP Security
      • The security of PNRP names without Authority (public key) is similar to classic DNS
      • These names are insecure and can be spoofed by anyone in the PNRP cloud. This is actually intended by the protocol, so that multiple hosts can announce the same service
      • PNRP names with public key are protected against spoofing; however, spoofing PNRP names, while hard, is not impossible. When connecting to a sensitive service via PNRP, additional authentication should be used
  • 37. Next
  • 38. Men & Mice Training
      • Men & Mice DNS Trainings in 2018:
          • DNS & BIND Fundamentals
          • DNS & BIND Advanced
          • DNS & BIND Week
          • DNSSEC & BIND
      • Planned dates for the courses in English language
          • US East Coast - 2018-02-26
          • Europe - 2018-04-09
          • US West Coast - 2018-05-21
          • Europe - 2018-06-25
      http://menandmice.com/training
  • 39. Men & Mice Training
      • Training @ Linuxhotel Essen, Germany
          • DNSSEC & DANE Training, 3 days: 19.03 - 21.03.18
          • DNS & BIND, 3 days: 16.04 - 18.04.18
          • DNS Sicherheit (DNS Security), 2 days: 19.04 - 20.04.18
          • DNSSEC & DANE Training, 3 days: 04.06 - 06.06.18
          • DNS & BIND, 3 days: 06.08 - 08.08.18
          • DNS Sicherheit (DNS Security), 2 days: 09.08 - 10.08.18
      http://linuxhotel.de/
  • 40. Next Webinar
      • Name Resolution Webinar Trilogy Part 3 – Local Name Resolution in Linux, FreeBSD and macOS/iOS
      • Wednesday, 29th of November, 2017
      • Multicast DNS (mDNS) was pioneered in Apple’s MacOS X system, and is now available on all systems from Cupertino.
      • The focus of this webinar will be to take a deeper look into this local name-resolution system and the implementations for other Unix systems like Linux and FreeBSD. Linux’s new über-Daemon “systemd” supports both mDNS and the Windows LLMNR (Link-Local-Multicast-Name-Resolution). We will also show how well a Systemd-Linux behaves in heterogeneous networks running both Windows and macOS.
      • Join us for a 45-minute webinar with a Q&A session at the end, on Wednesday, November 29th, 2017 at 4:00 PM CET / 3:00 PM GMT / 10:00 AM EDT / 7:00 AM PDT.
  • 41. Fini - Q & A
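
Slides 5, 6 and 14 describe LLMNR as DNS-like messages on port 5355 carrying single-label names, with unauthenticated responses that can be spoofed. The Python code below is an added example (not from the webinar) of how a defender could flag suspicious responders in captured LLMNR traffic. It parses the header and question name, then reports any source that answers a canary name, or any name answered by more than one source. The canary approach (a name no host on the link owns), the function names and the sample message builder are assumptions made for this example.

```python
import struct
from collections import defaultdict

def parse_llmnr(data):
    """Return (is_response, ancount, qname) for one LLMNR message."""
    if len(data) < 12:
        raise ValueError("shorter than the 12-byte DNS-style header")
    _txid, flags, qdcount, ancount = struct.unpack("!4H", data[:8])
    if qdcount != 1:  # RFC 4795: exactly one question per message
        raise ValueError("QDCOUNT must be 1")
    labels, pos = [], 12
    while True:
        if pos >= len(data):
            raise ValueError("truncated question name")
        length = data[pos]
        pos += 1
        if length == 0:
            break
        if length > 63 or pos + length > len(data):
            raise ValueError("bad label length")
        labels.append(data[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return bool(flags & 0x8000), ancount, ".".join(labels)

def suspicious_responders(packets, canary_names):
    """packets: (source_ip, raw_bytes) pairs seen on port 5355."""
    canaries = {name.lower() for name in canary_names}
    answered_by = defaultdict(set)  # name -> sources that answered it
    findings = []
    for src, raw in packets:
        try:
            is_response, ancount, name = parse_llmnr(raw)
        except ValueError:
            continue  # not a well-formed LLMNR message
        if not is_response or ancount == 0:
            continue
        answered_by[name].add(src)
        if name in canaries:
            findings.append((src, name, "answered canary name"))
    for name, sources in sorted(answered_by.items()):
        if len(sources) > 1:
            findings.append((tuple(sorted(sources)), name, "multiple responders"))
    return findings

def sample_message(name, response=False, ancount=0):
    """Constructed test message: header and question section only."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    flags = 0x8000 if response else 0
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0) + qname + struct.pack("!2H", 1, 1)
```

Feed `suspicious_responders` the UDP payloads from a capture filtered on port 5355, together with the canary names a monitoring host periodically queries; a "multiple responders" finding can also be an ordinary name conflict and needs a look before escalation.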