Post by VanguardLH
Seems that every host running the DNS client is going to use LLMNR. I
suspect if you disable LLMNR that sharing services could get impacted.
Are you allowing rogue hosts to enter your intranet, like letting users
bring their own laptops into work to connect directly to the corporate
network instead of into a DMZ'ed subnet? LLMNR traffic is not routable
(because it is a local link protocol); that is, it cannot pass across
routers, so the problem is not with external hacking into your intranet.
So do you trust the hosts permitted to physically connect to the same
subnet within your intranet?
Good Lord, Vanguard! I have been googling my ass over
all this for hours before asking for help. You hit it
out of the ballpark. And gave me a way to figure the next
one out myself. Wow! Impressive!
Anyway, to answer your question, this network leg is their
general office and not a high security Point of Sale (POS)
leg. They are allowed to bring "certain" devices, with
permission, and run them on this leg. (They are
under threat of death for doing that on the POS legs.)
I did an arp scan and everyone is legit. Just the usual
The multicast traffic on port 5355 is so
prodigious that my File Integrity Monitoring (FIM) software
server is crashing trying to log the tidal wave of notices
placed in the client's security logs.
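
An added example, not part of either post: one way to see which hosts and which names account for a flood on UDP port 5355 is to decode the LLMNR queries (they use the DNS message layout) and count them per source. The function names and the sample packets are constructed for illustration, and it is assumed the payloads have already been captured on the subnet by some other tool.

```python
import struct
from collections import Counter

def build_query(txid, name, qtype=1, flags=0):
    """Build a constructed LLMNR payload (sample data for this example only)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return (struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
            + qname + b"\x00" + struct.pack("!HH", qtype, 1))

def parse_query(payload):
    """Return (name, qtype) for a well-formed LLMNR query, else None."""
    if len(payload) < 12:
        return None
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount != 1:  # QR bit set means it is a response
        return None
    pos, labels = 12, []
    while pos < len(payload) and payload[pos] != 0:
        length = payload[pos]
        if length > 63 or pos + 1 + length > len(payload):  # pointer or overrun
            return None
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace").lower())
        pos += 1 + length
    if pos + 5 > len(payload):  # need the terminating zero plus QTYPE and QCLASS
        return None
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return ".".join(labels), qtype

def top_talkers(packets):
    """Count valid LLMNR queries per source address and per queried name."""
    by_source, by_name = Counter(), Counter()
    for src, payload in packets:
        parsed = parse_query(payload)
        if parsed:
            by_source[src] += 1
            by_name[parsed[0]] += 1
    return by_source, by_name

# Constructed sample: (source IP, UDP/5355 payload); 192.0.2.0/24 is a documentation range.
SAMPLE = [("192.0.2.10", build_query(1, "printer01")),
          ("192.0.2.10", build_query(2, "PRINTER01", qtype=28)),
          ("192.0.2.10", build_query(3, "printer01")),
          ("192.0.2.22", build_query(4, "fileserver")),
          ("192.0.2.22", b"\x00\x05\x00"),                            # truncated
          ("192.0.2.30", build_query(6, "printer01", flags=0x8000))]  # response

if __name__ == "__main__":
    sources, names = top_talkers(SAMPLE)
    print(sources.most_common(), names.most_common())
```

A single source or a single unresolvable name dominating the counts points at the machine or setting to look at before deciding whether to turn LLMNR off.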