Disable LLMNR (Link-Local Multicast Name Resolution)
Tip # 2: Disable LLMNR (Link-Local Multicast Name Resolution)
The LLMNR network protocol is vulnerable to Person-in-the-Middle (PitM) attacks. Penetration testers commonly use this vulnerability to compromise domain user accounts in enterprise networks. Mossé Security once gained domain administrator privileges on a customer network in under 5 minutes by exploiting this vulnerability.
Disabling LLMNR is key to surviving a corporate network penetration test. You can validate whether your network is vulnerable to LLMNR PitM using Responder.py
Disable LLMNR With Powershell
Disable LLMNR through Group Policy Editor
- Right click on the windows icon and select ‘Run’ to and search ‘gpedit.msc’ to open the Group Policy Editor
- Navigate to Local Computer Policy>Computer Configuration>Administrative Templates>Network>DNS Client
- Under DNS Client, make sure that “Turn OFF Multicast Name Resolution is set to Enabled.
Use MS Guard Today
MS Guard is a FREE Windows security assessment tool that helps organisations save money,improve their ROI, reduce cyber risks, achieve compliance and deliver security at scale. Learn more