Security warning from german Federal office because mDNS services openly accessible from anywhere

I’ve got a VPS with Yunohost 2.5 running and yesterday I got a strange email form the german Federal Office for Information Security, that the Shadowserver foundation did a scan on my system and found an open mDNS Service on my host and that this is dangerous :

“mDNS services openly accessible from anywhere on the Internet can be abused for DDoS reflection attacks against third parties. (…) We would like to ask you to check this issue and take appropriate steps to close the openly accessible mDNS services on the affected systems.”

Is this really a problem? How can I make the mDNS-service secure?

I’ve got the follwing YH-Apps installed:

• HumHub
• Linux-Dash
• Lufi
• Custum Web App
• Nextcloud
• Roundcube
• rss-bridge
• Searx
• Shell In A Box

More about the scan:

https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/Reports/openly-accessible-services/openly-accessible-services_node.html

Hello,

Have you made any modifications to the configuration of dnsmasq? We recently have several people that did some check on it to see if it was possible to abuse it to do DDoS but the conclusion was “no”.

As far as I know we didn’t changed anything to dnsmasq configuration recently.

We can do other checks if needed.

Hi,
I have received the same message.
The port (5323?) was open and I just deleted the firewall rule.

I have made no changes at dnsmasq or something else.

No, I didn’t make any changes to dnsmasq either. Does one of the YH-Apps make those changes?

@ Rolf: Thanks, I closed the port as well.