I've been reading a lot about the security benefits of turning off mDNS, NetBIOS Name Service, and LLMNR. Many articles suggest that disabling these protocols can reduce the risk of exposing our network devices to vulnerabilities.
However, I'm using a network discovery tool that relies on these protocols to find hostnames on my private network, mostly made up of Windows devices. I'm curious about how I can discover these devices without using mDNS, NetBIOS, or LLMNR. Are there alternative methods I could use to identify Windows devices on my network? Thanks for any advice!
5 Answers
Just to clarify, what you're asking about isn't really tied to Network Discovery—they're more about DNS or network browsing. Network Discovery (or wsdd on Linux) works differently. I haven't used mDNS, NetBIOS, or LLMNR in a long time, and honestly, I don't miss them at all.
It's great that you're considering security, but if your devices don't need to communicate directly, then turning these services off might be totally fine. In environments where most connections are server-client (like accessing published DNS records), peer-to-peer protocols might not be essential. Just watch out for things like printers or devices that use direct connections. They might not work as expected without those protocols.
I've only noticed mDNS getting used in office settings for printers, so maybe it’s something you'd want to look out for specifically if you have those kinds of devices on your network.
There are downsides, yes! If you disable these protocols, any service that depends on them could stop working. For example, some printers and multifunction devices might lose their ability to connect. Make sure you check what devices you have that might rely on those services before flipping the switch!
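One way to do the check suggested in the answer above, as an added example that is not part of the original thread: tally which hosts send or answer mDNS (UDP 5353), LLMNR (UDP 5355) and NetBIOS Name Service (UDP 137) traffic before the protocols are switched off. The flow-record format, the sample addresses and the `audit` function are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Well-known UDP ports of the three name-resolution protocols in the question.
PORTS = {5353: "mDNS", 5355: "LLMNR", 137: "NBNS"}

# Constructed sample flow records (assumed format: proto src sport dst dport),
# such as a firewall or packet-capture export from the LAN might be reduced to.
SAMPLE_FLOWS = """\
udp 192.168.1.20 5353 224.0.0.251 5353
udp 192.168.1.31 61532 224.0.0.252 5355
udp 192.168.1.40 5355 192.168.1.31 61532
udp 192.168.1.31 137 192.168.1.255 137
udp 192.168.1.50 137 192.168.1.31 137
tcp 192.168.1.31 50211 192.168.1.10 445
udp 192.168.1.31 53011 192.168.1.1 53
"""


def audit(flows, lan="192.168.1.0/24"):
    """Return {host: {protocol: [roles]}} for hosts seen using the protocols."""
    net = ipaddress.ip_network(lan)
    bcast = (net.broadcast_address, ipaddress.ip_address("255.255.255.255"))
    usage = defaultdict(lambda: defaultdict(set))
    for line in flows.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "udp":
            continue  # all three protocols run over UDP
        _, src, sport, dst, dport = fields
        sport, dport = int(sport), int(dport)
        dst_ip = ipaddress.ip_address(dst)
        group = dst_ip.is_multicast or dst_ip in bcast
        if group and dport in PORTS:
            # Multicast/broadcast to the protocol port: a query or announcement.
            usage[src][PORTS[dport]].add("sends")
        elif not group and sport in PORTS:
            # Unicast from the protocol port: heuristically, a reply to a query.
            usage[src][PORTS[sport]].add("answers")
    return {h: {p: sorted(r) for p, r in ps.items()} for h, ps in usage.items()}


if __name__ == "__main__":
    for host, protocols in sorted(audit(SAMPLE_FLOWS).items()):
        print(host, protocols)
```

Hosts listed under "answers" are the ones other devices currently locate through these protocols, so they are the first to test after the change.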
Honestly, a lot can break if you disable these services. Disabling them might seem like a good step for security, but be prepared for potential issues. You might find devices that used to be easy to communicate with just stop showing up, especially if they worked through broadcasts.
Could you give some examples of what might break if I disable them?