Kutheni uvala i-LLMNR ukuba usebenzisa i-Wi-Fi yoluntu?

Iprothokholi yeLLMNR bubuso obuqhelekileyo kwiimeko zeMicrosoft. Kuthungelwano apho iWindows ingundoqo, yenziwe ngokuzenzekelayo, kwaye ngelixa yayikhe yavakala, namhlanje ihlala ibuhlungu kakhulu kunoncedo. Yiyo loo nto ingumbono olungileyo ukwazi indlela yokuyisebenzisa. uyicima njani iLLMNR ngakumbi ukuba sisebenzisa inethiwekhi yeWiFi yoluntu.

Phambi kokuba wenze naziphi na izigqibo, luluvo olulungileyo ukuqonda ukuba yenza ntoni kwaye kutheni kucetyiswa ukuba uyicime. Iindaba ezimnandi zezokuba ukukhubaza kulula. kuzo zombini iiWindows (ibandakanya iWindows Server) kunye neLinux, nokuba kungemigaqo-nkqubo, uBhaliso, i-Intune, okanye ngokulungiswa kwenkqubo-esonjululwe.

Yintoni iLLMNR kwaye isebenza njani?

LLMNR sisifinyezo se Link-Local Multicast Name ResolutionInjongo yayo kukuba Sombulula amagama enginginya ngaphakathi kwecandelo lendawo ngaphandle kokuxhomekeka kumncedisi we DNSNgamanye amazwi, ukuba umatshini awukwazi ukusombulula igama nge-DNS, unokuzama ukubuza ubumelwane usebenzisa i-multicast ukubona ukuba nabani na "uthatha ingcebiso."

Le ndlela isebenzisa izibuko I-UDP 5355 kwaye yenzelwe ukusebenza ngaphakathi kwinethiwekhi yendawo. Umbuzo uthunyelwe ngosasazo oluninzi kuthungelwano olusondeleyo, kwaye nayiphi na ikhompyutha "eqaphela" igama inokuphendula ngokuthi "ndim lowo." Le yindlela ekhawulezayo nelula yeemeko ezingqongileyo ezincinci okanye eziphuculweyo apho i-DNS yayingafumanekiyo okanye ingenzanga ngqiqo ukuyiqwalasela.

Ngokwesiqhelo, umbuzo we-LLMNR uhambela kwicandelo lendawo, kwaye izixhobo ezimamela eso sithuthi zinokuphendula ukuba zikholelwa ukuba yindawo echanekileyo yokuya. Umda wayo ukhawulelwe kwikhonkco lendawo, kwaye ke igama layo kunye nobizo lwayo "njengesiqwenga" xa kungekho nkonzo yamagama esesikweni kwinethiwekhi.

Kangangeminyaka, ngakumbi kuthungelwano oluncinci okanye kwi-ad-hoc deployments, yabonakala iluncedo. Namhlanje, kunye ne-DNS ebanzi kunye nexabiso eliphantsi, imeko yokusetyenziswa icuthe kakhulu kangangokuba isoloko inengqiqo ukucima i-LLMNR kwaye uphile ngoxolo ngakumbi.

Ngaba i-LLMNR iyimfuneko ngokwenene? Imingcipheko kunye nomxholo

Umbuzo wesigidi seedola: Ndiyithathe okanye ndiyishiye? Kwimeko yasekhaya, impendulo eqhelekileyo ithi "ewe, zikhululeke ukuyithatha." Kwinkampani kulungele ukuqinisekisa impembelelo: Ukuba i-DNS yokusingqongileyo imiselwe ngokuchanekileyo kwaye ikhangela umsebenzi, i-LLMNR ayiboneleli nto kwaye iveza ubungozi obungeyomfuneko.

Ingxaki enkulu kukuba I-LLMNR ayibandakanyi ukhuseleko ngokuchasene nokulinganisaUmhlaseli kwi-subnet yakho unako "ukulinganisa" isixhobo ekujoliswe kuso kwaye aphendule kwangethuba okanye ngokukhethayo, ukuqondisa ngokutsha unxibelelwano kunye nokubangela isiphithiphithi. Yimeko yokuhlasela yesikolo esidala "indoda-ephakathi" (MitM).

Njengomzekeliso, ikhumbula umgangatho we-Wi-Fi WEP, owazalwa ngaphandle kokuthathela ingqalelo uhlaselo lwangoku kwaye uphelelwe lixesha. Kwenzeka into efanayo ngeLLMNR: Yayiluncedo kwixesha elidlulileyo, kodwa namhlanje ngumnyango ovulekileyo wokukhohlisa ukuba uyishiya iphila kwiinethiwekhi zenkampani.

Ukongeza, ezandleni zomchasi ngezixhobo ezifanelekileyo, banokunyanzela iikhompyuter zakho ukuba "zicule" ulwazi olunobuthathaka njenge-NTLMv2 hashes xa becinga ukuba bathetha nomncedisi osemthethweni. Nje ukuba umhlaseli afumane ezo heshi, unokuzama ukuwaqhekeza-ngempumelelo eyahlukileyo ngokuxhomekeke kwimigaqo-nkqubo kunye nobunzima bephasiwedi-ukwandisa umngcipheko wokungena kwangempela.

Ikhubaza nini iLLMNR?

Kubuninzi bezinto ezisasazwayo zale mihla, unokuyikhubaza ngaphandle kokwaphula nantoni na. Ukuba abathengi bakho bahlala besombulula nge-DNS Kwaye ukuba awuxhomekekanga "kumlingo" kwinethiwekhi yendawo, i-LLMNR ayifanelekanga. Nangona kunjalo, qinisekisa kwiindawo ezibalulekileyo ngaphambi kokutyhala umgaqo-nkqubo kuwo wonke umbutho.

Gcina ukhumbula ukuba isigqibo ayisobugcisa kuphela: sikwanciphisa umngcipheko wakho wokusebenza kunye nokuthobela. Ukukhubaza i-LLMNR lulula, lunokumetwa, kunye nolawulo lokuqina olunempembelelo., kanye oko kufunwa sisiphi na isakhelo sokhuseleko esinengqiqo.

Khubaza i-LLMNR kwiWindows

Nazi iindlela eziphambili ezikhoyo zokukhubaza i-LLMNR kwiWindows:

Ukhetho loku-1: Umhleli wePolisi yeQela lasekuhlaleni (gpedit.msc)

Kwiikhompyuter ezizimeleyo okanye ukuvavanya ngokukhawuleza, ungasebenzisa uMhleli wePolisi yeQela leNdawo. Cinezela WIN + R, chwetheza gpedit.msc kwaye wamkele ukuyivula.

Emva koko, jonga ngapha: Ulungelelwaniso lweKhompyutha > Izakhelo zoLawulo > Inethiwekhi. Kwezinye iintlelo, useto luvela phantsi Umxhasi we-DNS. Fumana ungeniso "Khubaza isisombululo segama losasazo oluninzi" (igama linokwahluka kancinci) kwaye usete umgaqo-nkqubo ku-“Enebled”.

In Windows 10 isicatshulwa sihlala sifundeka ngolu hlobo "Khubaza ukusonjululwa kwegama losasazo oluninzi." Faka okanye wamkele utshintsho kwaye uqalise kwakhona ikhompyuter yakho. ukuqinisekisa ukuba useto lwecala leqela lusetyenziswa ngokuchanekileyo.

Ukhetho 2: UBhaliso lweWindows

Ukuba ukhetha ukuya ngqo kwinqanaba okanye ufuna indlela yokubhala, unokwenza ixabiso lepolisi kwiRejistri. Vula CMD okanye I-PowerShell ngeemvume zomlawuli kwaye uphumeze:

REG ADD "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /f
REG ADD "HKLM\Software\Policies\Microsoft\Windows NT\DNSClient" /v "EnableMulticast" /t REG_DWORD /d 0 /f

Ngale nto, i-LLMNR iya kukhutshazwa kwinqanaba lomgaqo-nkqubo. Qala kwakhona ikhompyutha ukuvala umjikelo kunye nokuthintela iinkqubo ezinemeko yangaphambili ekubeni zihlale kwinkumbulo.

Khubaza i-LLMNR nge-GPO kwindawo

Enye indlela yokukhubaza i-LLMNR kukusebenzisa utshintsho oluphakathi ukusuka kumlawuli wesizinda ngokuvula iKhonsoli yoLawulo loMgaqo-nkqubo weQela. Yenza iGPO entsha (umzekelo, “MY-GPO”) kwaye uyihlele.

Kumhleli, landela umendo: Ulungelelwaniso lweKhompyutha > Iitemplates zoLawulo > Inethiwekhi > uMxumi weDNS. Yenza umgaqo-nkqubo we-"Khubaza ukusasazwa kwegama elininzi". kwaye uvale umhleli ukugcina. Emva koko, qhagamshela i-GPO kwi-OU efanelekileyo kwaye unyanzelise ukuba ipolisi ihlaziye okanye ulinde ukuphindaphindwa kwesiqhelo.

Ugqibile. Ngoku unomgaqo-nkqubo wesizinda osikwa rhoqo i-LLMNR. Khumbula ukuba i-nomenclature echanekileyo yohlengahlengiso inokwahluka. kancinane phakathi kweenguqulelo zeWindows Server, kodwa indawo njengoko ibonisiwe.

Intune: "Iyasebenza" kodwa igpedit ibonisa "Ayikhangelwanga"

Umbuzo oqhelekileyo: utyhala iprofayile yoqwalaselo evela kwi-Intune, ikuxelela ukuba isetyenziswe ngokuchanekileyo, kwaye xa uvula igpedit, ubona useto njenge “Ayiqwalalwanga.” Oku akuthethi ukuba ayisebenzi.. I-Intune isebenzisa iisetingi nge-CSP/Registry engasoloko iboniswa kumhleli wasekhaya njengo “Miselweyo.”

Indlela ethembekileyo yokujonga oku kukudibana nePolisi yeLog: Ukuba ikhona kwaye ilingana no-0, ixabiso Yenza iMulticast ivuliwe HKLM\Software\Polisi\Microsoft\Windows NT\DNSClient, iLLMNR ivaliwe nangona i-gpedit ibonisa "Ayibunjwanga".

Ukuba ukhetha ukuqinisekisa oku ngeskripthi (esiluncedo njengoLungiso kwi-Intune), nantsi iskripthi esilula se-PowerShell ukwenza ixabiso kwaye uqinisekise:

New-Item -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient" -Force | Out-Null
New-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient" -Name "EnableMulticast" -PropertyType DWord -Value 0 -Force | Out-Null
(Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient").EnableMulticast

Oku kugubungela imeko apho i-Intune ithi isetyenzisiwe, kodwa ufuna ukuqiniseka okuphezulu okanye ukulungisa iingxaki "ezikhohlakeleyo" izixhobo. Ukuphicotha ngobuninzi, dibanisa umbhalo kunye nesixhobo sakho soluhlu okanye nge-Intune/Defender yeengxelo ze-Endpoint.

Khubaza i-LLMNR kwi-Linux (i-systemd-isonjululwe)

Kusasazo olunje ngo-Ubuntu okanye i-Debian esebenzisa i-systemd-esonjululwe, unako “ukubulala” i-LLMNR ngokuthe ngqo. Hlela iisetingi zesicombululi Ngoko ke:

sudo nano /etc/systemd/resolved.conf

Kwifayile, seta iparameter ehambelanayo ukuze ingabonakali. Umzekelo:

[Resolve]
LLMNR=no

Gcina kwaye uqalise kwakhona inkonzo okanye ikhompyuter: Ukuqalisa kwakhona inkonzo kudla ngokwaneleyo, nangona ukuqalisa kwakhona kuyasebenza ukuba kukulungele ngakumbi.

sudo systemctl restart systemd-resolved

Ngaloo nto, i-systemd-esonjululwe iya kuyeka ukusebenzisa i-LLMNR. Ukuba usebenzisa esinye isisombululo sesisombululo (okanye ezinye ii-distros), khangela amaxwebhu abo: ipateni ayahlukanga kakhulu kwaye kusoloko kukho “ukutshintsha” okulinganayo.

Malunga ne-NBT-NS kunye neWindows Firewall

Ukukhubaza i-LLMNR sisiqingatha sedabi. Abaphenduli kunye nezixhobo ezifanayo zikwasebenzisa iNkonzo yegama leNetBIOS (NBT-NS), esebenza kwiichweba ze-NetBIOS zakudala (UDP 137/138 kunye ne-TCP 139). Oku kuphakamisa umbuzo abantu abaninzi abawubuzayo: ngaba kwanele ukuvala izibuko kwi-firewall, okanye ngaba kufuneka ukhubaze ngokucacileyo i-NBT-NS?

Ukuba usebenzisa imigaqo engqongqo kwi-firewall yakho yendawo-zombini ngaphakathi nangaphandle-ivimbela i-137 / UDP, i-138 / UDP, kunye ne-139 / TCP, unciphisa kakhulu ukubonakaliswa kwakho. Nangona kunjalo, eyona nto isebenzayo kwiindawo zeshishini kukuvala i-NetBIOS ngaphezulu kwe-TCP/IP. kwi-interfaces, ukuthintela iimpendulo ezingafunekiyo okanye iintengiso ukuba umgaqo-nkqubo we-firewall uyatshintsha okanye uguqulwe ngesicelo.

Kwi-Windows, akukho "fektri" ye-GPO ngokuthe ngqo njengakwi-LLMNR, kodwa ungayenza nge-WMI okanye ngoBhaliso. Le PowerShell esekwe kwiWMI iyayicima kuzo zonke iiadaptha ezine-IP:

Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter "IPEnabled=TRUE" | ForEach-Object { $_.SetTcpipNetbios(2) } 

Ukuba ukhetha imithetho ye-firewall, qhubeka, kodwa qiniseka ukuba i-bidirectional kwaye iyazingisa. Iibhloko ze-137 / UDP, 138 / UDP kunye ne-139 / TCP kunye nokubeka iliso ukuba akukho mithetho iphikisanayo kwezinye ii-GPO okanye i-EDR / i-AV izisombululo ezilawula i-firewall.

Ukuqinisekisa: Ujongwa njani ukuba iLLMNR kunye ne-NBT-NS azidlalwa

Nge-LLMNR kwiWindows, jonga kwiRejistri: HKLM\Software\Policies\Microsoft\Windows NT\DNSClient\Yenza iMulticast mayibekho kwaye ilingane no0. Khangela ngokukhawuleza kwi-PowerShell unga:

(Get-ItemProperty -Path "HKLM:\Software\Policies\Microsoft\Windows NT\DNSClient").EnableMulticast

Kwinqanaba letrafikhi, ubuchule obulula kukuqhuba ukukhangela igama elingekhoyo kwaye usebenzise iWireshark ukujonga ukuba akukho zipakethi ze-UDP 5355 eziphumayo. Ukuba awuboni usasazo oluninzi kwicandelo lasekhaya, ukwindlela elungileyo.

Kwi-Linux ene-systemd-esonjululwe, jonga ubume nge-solventctl okanye systemctl: Qinisekisa ukuba i-LLMNR isetelwe ku-“hayi” kuqwalaselo olusebenzayo nokuba inkonzo yaqalwa kwakhona ngaphandle kweempazamo.

Kwi-NBT-NS, qinisekisa ukuba i-firewall ilawula i-137/UDP, 138/UDP, kunye ne-139/TCP okanye i-NetBIOS ivaliwe kwiiadaptha. Ungakwazi nokusezela umnatha okwethutyana ukujonga ukuba akukho zicelo zeNetBIOS okanye iintengiso emoyeni.

Imibuzo ebuzwa rhoqo kunye nama-nuances aluncedo

• Ngaba ndiza kwaphula nantoni na ngokuvala i-LLMNR? Kwiinethiwekhi ezine-DNS egcinwe kakuhle, oku akusoloko kunjalo. Kwiindawo ezikhethekileyo okanye zelifa, qinisekisa kuqala kwiqela lokulinga kwaye uthethe utshintsho ukuxhasa.
• Kutheni i-gpedit ibonisa "Ayilungiswanga" nangona i-Intune ithi "Inyanzelisiwe"? Kuba umhleli wasekuhlaleni akasoloko ebonisa amazwe abekwe yi-MDM okanye i-CSP. Inyani ikwiRegistry kunye neziphumo zokwenyani, hayi kumbhalo wegpedit.
• Ngaba kunyanzelekile ukuvala i-NBT-NS ukuba ndivala i-NetBIOS kwi-firewall? Ukuba ukuthintela kuphelile kwaye kunamandla, unciphisa kakhulu umngcipheko. Sekunjalo, ukukhubaza i-NetBIOS ngaphezulu kwe-TCP/IP kususa iimpendulo zenqanaba le-stack kwaye kuthintele ukothuka ukuba imithetho iyatshintsha, ke yeyona nto ikhethwayo.
• Ingaba kukho naziphi na izikripthi ezilungele ukuvala i-LLMNR? Ewe, ngeRegistry okanye iPowerShell, njengoko ubonile. Kwi-Intune, ipakethe iscript njengoLungiso kwaye wongeze uqwalaselo lokuthotyelwa.

Ukucima i-LLMNR kunciphisa i-spoofing surface kuthungelwano lwendawo kwaye nips uhlaselo lwe-hash-grabbing ngezixhobo ezifana ne-Responder kwi-bud. Ukuba uyavala okanye uvala i-NBT-NS kwaye ukhathalele i-DNS yakhoUya kuba ne-cocktail elula nesebenzayo yokhuseleko: ingxolo encinci, ingozi encinci, kunye nenethiwekhi elungiselelwe ngcono ukusetyenziswa kwemihla ngemihla.