cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Steps for Updating NNR to use DNS only

roger_jr
Copper Contributor

‎Apr 08 2022 06:47 AM

‎Apr 08 2022 06:47 AM

Steps for Updating NNR to use DNS only

Anyone have the steps for updating the MDI Sensor on the Domain Controllers with the Secondary option to use DNS only to prevent the MDI DC Sensor using any of the Primary methods of communication. 

 

Primary methods:

NTLM over RPC (TCP Port 135)

NetBIOS (UDP port 137)

RDP (TCP port 3389) - only the first packet of Client hello

 

Secondary method:

Queries the DNS server using reverse DNS lookup of the IP address (UDP 53)

 

 

NTLM over RPC*TCP135All devices on the networkInbound
NetBIOS*UDP137All devices on the networkInbound
RDP*TCP3389All devices on the networkInbound
DNSUDP53Domain controllers

Outbound

 

 

 

Thanks Roger.

 

700 Views
0 Likes
1 Reply
Reply
1 Reply
Eli Ofek

‎Apr 08 2022 06:57 AM - edited ‎Apr 08 2022 06:58 AM

‎Apr 08 2022 06:57 AM - edited ‎Apr 08 2022 06:58 AM

Re: Steps for Updating NNR to use DNS only

@roger_jr Working only with DNS is not supported. You need at least one high certainty method with high success rate to work effectively.

0 Likes
Reply