LLMNR (Link-Local Multicast Name Resolution)

High Risk

TCP/UDP — DNS

Port Overview

Port Number 5355

Service Name LLMNR (Link-Local Multicast Name Resolution)

Transport Protocol TCP/UDP

Category DNS

Security Risk High

Port Range Registered (1024-49151)

What is Port 5355?

Port 5355 is used by LLMNR (Link-Local Multicast Name Resolution), a Microsoft protocol that allows name resolution for hosts on the same local network segment without a DNS server. LLMNR is a well-known attack vector in Windows environments, as it can be abused for NBNS/LLMNR poisoning attacks to capture NTLMv2 credentials. Security best practices recommend disabling LLMNR on Windows systems.

TCP/UDP DNS Commonly Used

Security Considerations

Port 5355 (LLMNR (Link-Local Multicast Name Resolution)) is classified as high risk. This port is a common target for automated scanning and brute-force attacks. If you must expose it, restrict access to known IP addresses.

Recommendation: Use firewall rules to whitelist trusted IPs. Enable rate limiting and intrusion detection.

Related Ports — DNS

42 WINS / nameserver 53 DNS 101 NIC Host Name 853 DNS over TLS 953 RNDC 1512 WINS 2053 Knetd / DNS over TLS 5353 mDNS (Multicast DNS)