TeamViewer_Service on Windows is acting as a multicast DNS resolver:
LocalAddress LocalPort OwningProcess ProcessName
------------ --------- ------------- -----------
::1 UDP/5353 5125 TeamViewer_Service
**bleep** UDP/5353 5125 TeamViewer_Service
**bleep** UDP/5353 5125 TeamViewer_Service
10.0.0.1 UDP/5353 5125 TeamViewer_Service
0.0.0.0 UDP/5353 3251 svchost
This is not a simple use of UDP port 5353 to incoming remote sessions, TeamViewer_Service replies to multicast DNS queries with:
[Client ID]._teamviewer._tcp.local: type TXT, class IN, cache flush
Name: [Client ID]._teamviewer._tcp.local
Type: TXT (Text strings) (16)
.000 0000 0000 0001 = Class: IN (0x0001)
1... .... .... .... = Cache flush: True
Time to live: 4500 (1 hour, 15 minutes)
Data length: 85
TXT Length: 19
TXT: DyngateID=[Client ID]
TXT Length: 22
TXT: Token=[Token]
TXT Length: 41
TXT: UUID=[UUID]
So, I was wondering:
- why was this mDNS resolver (responder) implemented in TeamViewer_Service on Windows?
- the reply to multicast DNS queries contains the TeamViewer Client ID, a token and an UUID. Could they represent a security risk?
Could you please enlighten me on this subject?