the CentOS 7 template (and probably others) offers a public mDNS service by default. This is a security issue since it can be used for DDoS-Amplification attacks. More info on https://mdns.shadowserver.org/
We found open mDNS/avahi-daemon on UDP port 5353 at least in the CentOS 7 template:
Please don't run this service by default in the templates. It would be a good idea to confirm with e.g. nmap that a new template doesn't offer any unnecessary service publicly before publishing the template.
Please sign in to leave a comment.