Disable LLMNR (Link-Local Multicast Name Resolution)

Tip # 2: Disable LLMNR (Link-Local Multicast Name Resolution)

The LLMNR network protocol is vulnerable to Person-in-the-Middle (PitM) attacks. Penetration testers commonly use this vulnerability to compromise domain user accounts in enterprise networks. Mossé Security once gained domain administrator privileges on a customer network in under 5 minutes by exploiting this vulnerability.

Disabling LLMNR is key to surviving a corporate network penetration test. You can validate whether your network is vulnerable to LLMNR PitM using Responder.py

Disable LLMNR With Powershell

Disable LLMNR through Group Policy Editor

  • Right click on the windows icon and select ‘Run’ to and search ‘gpedit.msc’ to open the Group Policy Editor
  • Navigate to Local Computer Policy>Computer Configuration>Administrative Templates>Network>DNS Client
  • Under DNS Client, make sure that “Turn OFF Multicast Name Resolution is set to Enabled.

Use MS Guard Today

MS Guard is a FREE Windows security assessment tool that helps organisations save money,improve their ROI, reduce cyber risks, achieve compliance and deliver security at scale. Learn more