0

I’m scanning my Windows 10 machine with my Kali Linux virtual box. I have a medium level vulnerability with mDNS. The solution according to the Nessus docs is to block UDP port 5353 even though the mDNS service was broadcasting from port 49898 from a process called nvstream. I rescanned my Win10 OS just to make sure. Nessus keeps telling me I am still vulnerable even though I followed the solution. Other forums suggested other things

Here is what I have done according to other solutions on other forums and blogs.

  • Blocked UDP port 5353

  • Blocked TCP port 5353

  • Blocked UDP port 49898

  • Blocked TCP port 49898

  • Uninstalled Bonjour

  • Tried to uninstall Nvidia Stream, but it was never installed to begin with

  • Disabled print sharing

  • Disabled NetBios

  • Turned off DNS multicasting in the Group Policies

It’s still vulnerable according to Nessus. What do I do?

schroeder
  • 123,438
  • 55
  • 284
  • 319
user21303
  • 151
  • 2
  • 4
  • 11
  • I think nessus has something which shows up on report called `last observed`. After you performed all the above steps does the last observed time change? – BoredToolBox Apr 15 '18 at 18:51
  • Thanks for bringing that up. I’m not in front of my computer now but I will say the start time does update. I even started new scans in case it wasn’t “updating.” I googled the “last observed” parameter and I found something interesting. I will experiment more when I get back but for now I’m leaving this url for reference. https://community.tenable.com/s/question/0D5f200004rM16xCAC/importing-scan-results-will-not-remediate-vulnerabilities-in-securitycenter – user21303 Apr 15 '18 at 19:23
  • I looked into this 5cr3Amer. Last Observed is a dashboard feature in the security center. I do not work in this field and I just got the free vulnerability scanner for myself. I will not have access to the security center dashboard so I do not believe this is the issue. – user21303 Apr 16 '18 at 00:55

1 Answers1

2

Uninstalled Nvidia 3D Vision.

Didn’t realize 3D vision was the drivers for their 3D glasses. Thought it was one of their critical 3D graphics drivers. It made sense for that to sync with something as convenient as mDNS.

user21303
  • 151
  • 2
  • 4
  • 11