Don't run public mDNS/avahi-daemon by default in Linux templates
Completed

Hi,
the CentOS 7 template (and probably others) offers a public mDNS service by default. This is a security issue since it can be used for DDoS-Amplification attacks. More info on https://mdns.shadowserver.org/
We found open mDNS/avahi-daemon on UDP port 5353 at least in the CentOS 7 template:
centos-7.0-x64-1.8-xen.kvm.kvm_virtio.tar.gz
Please don't run this service by default in the templates. It would be a good idea to confirm with e.g. nmap that a new template doesn't offer any unnecessary service publicly before publishing the template.
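An on-host complement to the nmap check suggested above, as an added example that is not part of the original post: it parses `ss -lntu` output and reports every TCP/UDP listener bound to a non-loopback address that is not on an allowlist. The `ALLOWED` default (SSH only), the function names and the sample `ss` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-publication audit of listening sockets in a template.
# Assumption: only the proto/port pairs in ALLOWED may listen publicly.
ALLOWED="${ALLOWED:-tcp/22}"

# Reads `ss -lntu` output on stdin, prints "proto/port address" for each
# listener on a non-loopback address that is not allowlisted.
public_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }        # skip header, other netids
        {
            port = $5; sub(/^.*:/, "", port)       # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)    # text before the last colon
            sub(/%.*$/, "", addr)                  # drop a %interface suffix
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            key = $1 "/" port
            if (!(key in ok)) print key, addr
        }' | sort -u
}

# Returns 1 and lists the offenders on stderr if anything unexpected listens.
audit() {
    found=$(public_listeners)
    [ -z "$found" ] && return 0
    printf '%s\n' "unexpected public listeners:" "$found" >&2
    return 1
}

# Constructed sample resembling a template that still runs avahi-daemon.
sample_ss_output() {
cat <<'EOF'
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      0.0.0.0:5353       0.0.0.0:*
udp   UNCONN 0      0      127.0.0.1:323      0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      100    127.0.0.1:25       0.0.0.0:*
udp   UNCONN 0      0      [::]:5353          [::]:*
EOF
}

# Demo on the constructed sample; on a real template: ss -lntu | audit
sample_ss_output | public_listeners
```

A listener reported here may still be blocked by a firewall, so an external nmap scan of the freshly deployed template remains the check of what is actually reachable.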