Ebook

Death by Default: Neglected network protocols you should know

Pages: 18

Pentera Labs analyzes three often-overlooked network protocols (MS-LLTD, mDNS, and ICMPv6/NDP), showing how they aid discovery and enable attacks. MS-LLTD and mDNS can leak hostnames, IPs, and device details on local links. ICMPv6/NDP can be abused for MITM: spoofed router advertisements push malicious DNS and prefixes, as demonstrated in a lab DNS hijack that forced IPv6-preferring resolution. The paper recommends the following hardening: disable unused discovery services; restrict group/creation rights at the network edge; enable RA Guard, DHCP snooping, and Dynamic ARP Inspection; implement Secure ND; and monitor group activity to reduce exposure.
