Skip to content

Horizon3.ai Docs

LLMNR Poisoning Possible

Horizon3.ai Docs

Home
Quickstart
Quickstart
- Setup NodeZero Host
  Setup NodeZero Host
- Run an Internal Pentest
  Run an Internal Pentest
Portal
Portal
- Test Types
  Test Types
  - Internal Pentest
    
    Internal Pentest
  - External Pentest
    
    External Pentest
    
    Create an Asset Group
    
    Run Asset Discovery
    
    Authorize Assets
    
    Run External Pentest
  - AWS Pentest
    
    AWS Pentest
  - Azure Entra ID
    
    Azure Entra ID
  - Kubernetes Pentest
    
    Kubernetes Pentest
    
    Operator ClusterRole CRD
    
    Pentest & Runner ClusterRole CRD
  - AD Password Audit
    
    AD Password Audit
  - Segmentation Test
    
    Segmentation Test
  - Phishing Test
    
    Phishing Test
    
    The NodeZero Phishing Script
  - Insider Threat Test
    
    Insider Threat Test
  - Rapid Response
    
    Rapid Response
    
    Alerts
    
    Alerts
    
    Rapid Response Activity Cards
    
    Rapid Response Activity Cards
    
    Targeted Tests
    
    Targeted Tests
  - 1-Click Verify
    
    1-Click Verify
- Portal Settings
  Portal Settings
  - Set a Proxy
    
    Set a Proxy
  - Email Notifications
    
    Email Notifications
  - Pentest Templates
    
    Pentest Templates
  - User Management
    
    User Management
  - Client Management
    
    Client Management
  - Single Sign-On (SSO)
    
    Single Sign-On (SSO)
  - IDentity Provider (IdP) Guides
    
    IDentity Provider (IdP) Guides
    
    Azure
    
    Okta
- Features
  Features
  - Attack Configuration
    
    Attack Configuration
    
    Remote Access Tool
  - BloodHound
    
    BloodHound
  - Injecting Credentials
    
    Injecting Credentials
    
    Injecting an AWS Role
    
    Injecting an Azure MFA Credential
  - Schedules
    
    Schedules
  - Co-Branding
    
    Co-Branding
Tripwires
Tripwires
- Getting Started
- Management
- Alerts
- Settings
  Settings
Insights
Insights
CLI
CLI
- Getting Started
- Guides
  Guides
API
API
- API Reference
  API Reference
Release Notes
Release Notes
- 2024.11
- 2024.10
- 2024.09
- 2024.08
- 2024.07
- 2024.06
- 2024.05
- 2024.04
- 2024.03
- 2024.02
- 2024.01
Downloads
Downloads
- NodeZero Host VM (OVA/VHD)
  NodeZero Host VM (OVA/VHD)
  - N0 utility
- Host Check Script
- Splunk App
- Ubuntu Setup Script
Knowledge Base
Knowledge Base
- NodeZero Modules
  NodeZero Modules
  - Cyanide
    
    Cyanide
- Glossary
  Glossary
- Sensitive Data
  Sensitive Data
- Weaknesses
  Weaknesses
- Exposure Score

LLMNR Poisoning Possible

Table of Contents

Option 1: Disable via Group Policy
Option 2: Disable on Selected Hosts

Option 1: Disable via Group Policy.

Open the "Local Group Policy Editor" on the Domain Controller.
Navigate to Computer Configuration > Administrative Templates > Network > DNS Client and then selecting: Turn Off Multicast Name Resolution
Click Enabled and select OK

Option 2: Disable on Selected Hosts

Log onto the host and open an Administrative Command Prompt

Disable LLMNR by disabling the "EnableMulticast" registry key with the following commands:

REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient"
REG ADD "HKLM\Software\policies\Microsoft\Windows NT\DNSClient" /v "EnableMulticast" /t REG_DWORD /d "0" /f