Don't run public mDNS/avahi-daemon by default in Linux templates

Hi,

the CentOS 7 template (and probably others) offers a public mDNS service by default. This is a security issue since it can be used for DDoS-Amplification attacks. More info on https://mdns.shadowserver.org/

We found open mDNS/avahi-daemon on UDP port 5353 at least in the CentOS 7 template:

centos-7.0-x64-1.8-xen.kvm.kvm_virtio.tar.gz

Please don't run this service by default in the templates. It would be a good idea to confirm with e.g. nmap that a new template doesn't offer any unnecessary service publicly before publishing the template.

Contact Us

Don't run public mDNS/avahi-daemon by default in Linux templates

Comments

Didn't find what you were looking for?