LLMNR Poisoning Possible

Horizon3.ai  |  July 21, 2021  |  Fix Actions

Table of Contents

Option 1: Disable via Group Policy.

  1. Open the “Local Group Policy Editor” on the Domain Controller.
  2. Navigate to Computer Configuration > Administrative Templates > Network > DNS Client and then selecting “Turn Off Multicast Name Resolution”  Turn off multicast
  3. Click “Enabled” and select “Ok”  Click Enabled

Option 2: Disable on Selected Hosts

  1. Log onto the host and open an Administrative Command Prompt
  2. Disable LLMNR by disabling the “EnableMulticast” registry key with the following commands:
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient"
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient" /v "EnableMulticast" /t REG_DWORD /d "0" /f
How can NodeZero help you?
Let our experts walk you through a demonstration of NodeZero, so you can see how to put it to work for your company.
Get a Demo
Share: