Apr 08 2022 06:47 AM
Does anyone have the steps for updating the MDI Sensor on the Domain Controllers with the Secondary option to use DNS only, to prevent the MDI DC Sensor from using any of the Primary methods of communication?
Primary methods:
NTLM over RPC (TCP Port 135)
NetBIOS (UDP port 137)
RDP (TCP port 3389) - only the first packet of Client hello
Secondary method:
Queries the DNS server using reverse DNS lookup of the IP address (UDP 53)
NTLM over RPC* | TCP | 135 | All devices on the network | Inbound |
NetBIOS* | UDP | 137 | All devices on the network | Inbound |
RDP* | TCP | 3389 | All devices on the network | Inbound |
DNS | UDP | 53 | Domain controllers | Outbound |
Thanks Roger.
Apr 08 2022 06:57 AM - edited Apr 08 2022 06:58 AM
@roger_jr Working only with DNS is not supported. You need at least one high-certainty method with a high success rate to work effectively.