What is the purpose of TeamViewer_Service mDNS resolver?

EdQuin · 2023-06-16T19:17:45+00:00

There was an error rendering this rich post.

TeamViewer_Service on Windows is acting as a multicast DNS resolver:

LocalAddress  LocalPort OwningProcess ProcessName
------------  --------- ------------- -----------
::1            UDP/5353          5125 TeamViewer_Service
**bleep**      UDP/5353          5125 TeamViewer_Service
**bleep**      UDP/5353          5125 TeamViewer_Service
10.0.0.1       UDP/5353          5125 TeamViewer_Service
0.0.0.0        UDP/5353          3251 svchost

This is not a simple use of UDP port 5353 to incoming remote sessions, TeamViewer_Service replies to multicast DNS queries with:

[Client ID]._teamviewer._tcp.local: type TXT, class IN, cache flush
   Name: [Client ID]._teamviewer._tcp.local
   Type: TXT (Text strings) (16)
   .000 0000 0000 0001 = Class: IN (0x0001)
   1... .... .... .... = Cache flush: True
   Time to live: 4500 (1 hour, 15 minutes)
   Data length: 85
   TXT Length: 19
   TXT: DyngateID=[Client ID]
   TXT Length: 22
   TXT: Token=[Token]
   TXT Length: 41
   TXT: UUID=[UUID]

So, I was wondering:

why was this mDNS resolver (responder) implemented in TeamViewer_Service on Windows?
the reply to multicast DNS queries contains the TeamViewer Client ID, a token and an UUID. Could they represent a security risk?

Could you please enlighten me on this subject?

Find more posts tagged with

Comments

gchec

Hi,
I was thinking about the same two questions , but i still haven't clear answers. By any chance have you managed to find more information?