• Open mDNS services (which can be used for reflection/amplification attacks) can be looked up through Shadowserver; the data for China is at https://mdns.shadowserver.org/workstation/index.html


    The Shadowserver Foundation

    Open mDNS Scanning Project

    Source: https://mdns.shadowserver.org/

    If you are looking at this page, then more than likely, you noticed a scan coming from this server across your network and/or poking at Multicast DNS (mDNS).

    The Shadowserver Foundation is currently undertaking a project to search for publicly accessible devices that have the mDNS service accessible and answering queries. The goal of this project is to identify devices with an openly accessible mDNS service and report them back to the network owners for remediation.

    These devices have the potential to be used in UDP amplification attacks, in addition to disclosing large amounts of information about the system, and we would like to see these services made unavailable to miscreants who would misuse these resources.

    Servers that are configured this way have been incorporated into our reports and are being reported on a daily basis.

    Information on UDP-based amplification attacks in general can be found in US-CERT alert TA14-017A at: https://www.us-cert.gov/ncas/alerts/TA14-017A.

    Methodology

    We are querying all computers with routable IPv4 addresses that are not firewalled from the internet on port 5353/udp with a DNS query for "_services._dns-sd._udp.local" and parsing the response. If we find that the "_workstation._tcp.local" or "_http._tcp.local" services are being advertised, we follow up with queries to those services to see if they are accessible and exposing information. We intend no harm, but if we are causing problems, please contact us at dnsscan [at] shadowserver [dot] org.

    If you would like to test your own device to see if mDNS is accessible, run the command "dig @[IP] -p 5353 -t ptr _services._dns-sd._udp.local". If the mDNS service is accessible, you should see a list of services that are being advertised in the ANSWER section of the dig response.
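
    The self-test above can also be done in code. This is an added example, not Shadowserver's code or part of the original page: the Python below sends the same PTR query as the dig command to a host you administer, lists the services in the ANSWER section, and returns the reply-to-query size ratio. Function names and the sample reply are constructed for illustration.

```python
import socket
import struct
QNAME = "_services._dns-sd._udp.local"  # enumeration name the page's dig command queries
WIRE = b"".join(bytes([len(p)]) + p.encode() for p in QNAME.split(".")) + b"\0"

def build_query(txid=0):  # header (1 question) + QNAME + QTYPE=PTR(12) + QCLASS=IN(1)
    return struct.pack(">6H", txid, 0, 1, 0, 0, 0) + WIRE + struct.pack(">2H", 12, 1)

def read_name(msg, off):
    """Decode a possibly compressed DNS name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):  # bounded walk: a pointer loop cannot hang the parser
        n = msg[off]
        if n == 0:
            return ".".join(labels), end or off + 1
        if n & 0xC0 == 0xC0:  # compression pointer: jump, remembering the resume offset
            end, off = end or off + 2, ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("compression loop or oversized name")

def advertised_services(msg):
    """Return the PTR targets in the ANSWER section of a response."""
    qd, an = struct.unpack(">2H", msg[4:8])
    off, found = 12, []
    for _ in range(qd):  # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack(">2HIH", msg[off:off + 10])
        if rtype == 12:
            found.append(read_name(msg, off + 10)[0])
        off += 10 + rdlen
    return found

def probe(ip, timeout=3.0):
    """Query a host you administer; return (services, reply/query size ratio) or None."""
    query = build_query()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (ip, 5353))
        try:
            reply = s.recvfrom(65535)[0]
        except socket.timeout:
            return None  # no answer: mDNS is filtered or not listening
    return advertised_services(reply), len(reply) / len(query)
SAMPLE_REPLY = (  # constructed reply, not captured traffic: one compressed PTR answer
    struct.pack(">6H", 0, 0x8400, 1, 1, 0, 0) + WIRE + struct.pack(">2H", 12, 1)
    + b"\xc0\x0c" + struct.pack(">2HIH", 12, 1, 10, 20) + b"\x0c_workstation\x04_tcp\xc0\x23")
```

    A `None` result from `probe` means the query went unanswered within the timeout; any non-empty service list means the host answers unicast mDNS queries on the interface you tested.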

    Whitelisting

    To be removed from this set of scanning you will need to send an email to dnsscan [at] shadowserver [dot] org with the specific CIDRs that you would like to have removed. You will have to be the verifiable owner of these CIDRs and be able to prove that fact. Any address space that is whitelisted will be publicly available here: https://mdns.shadowserver.org/exclude.html

    Scan Status

    The most recent scan was started at 2017-09-20 07:39:03 GMT and ended at 2017-09-20 10:17:36 GMT.

    Statistics on current run

    763,855 distinct IPs responded to our mDNS query.

    Of the distinct IPs that responded to the initial query, 90,312 hosts expose _http._tcp.local and 250,526 expose _workstation._tcp.local.

    Top 20 Countries With mDNS Accessible

    Country Total
    South Africa 260,299
    United States 109,935
    Korea, Republic of 45,438
    China 44,335
    Hong Kong 31,917
    France 27,609
    Taiwan 21,223
    Japan 21,099
    Germany 18,376
    Italy 14,397
    Canada 14,352
    Netherlands 12,987
    United Kingdom 12,839
    Brazil 10,355
    Russian Federation 9,874
    Poland 7,196
    Spain 7,043
    Sweden 6,191
    Belgium 5,567
    India 4,509

    Top 20 ASNs With mDNS Accessible

    ASN AS Name Country Total
    AS37353 MacroLAN, ZA 258,984
    AS4766 KIXS-AS KR 18,417
    AS9318 SKB KR 14,450
    AS7922 COMCAST-7922 US 12,489
    AS9304 HUTCHISON-AS HK 11,214
    AS4134 CHINANET CN 10,847
    AS3462 HINET TW 10,527
    AS14061 DIGITALOCEAN-ASN US 9,824
    AS16276 OVH, FR 9,788
    AS36351 SOFTLAYER US 8,625
    AS3215 AS3215, FR 8,309
    AS3269 ASN IT 7,850
    AS63949 LINODE US 7,589
    AS9269 HKBN-AS HK 6,793
    AS4760 HKTIMS HK 5,854
    AS1659 ERX-TANET TW 5,532
    AS4837 CHINA169 CN 5,075
    AS7018 ATT-INTERNET4 US 4,811
    AS18116 HGC-AS HK 4,679
    AS12322 PROXAD, FR 4,212

    [Figures omitted: maps of All mDNS Responses, Hosts with _workstation._tcp.local Exposed, and Hosts with _http._tcp.local Exposed.]

  • Original article: https://www.cnblogs.com/bonelee/p/7567310.html