I installed nmap and did this scan within a linux VM:
nmap -p- 10.137.0.0/24
The output showed that only one port was open, which corresponds to Link-Local Multicast Name Resolution (LLMNR) i.e. for DNS name resolution.
Nmap scan report for 10.137.0.14
Host is up (0.000046s latency).
Not shown: 65534 closed tcp ports (conn-refused)
PORT STATE SERVICE
5355/tcp open llmnr
Is this risky for Qubes? In other systems people shut it down to avoid attackers spoofing LLMNR and impersonating hosts e.g. they pretend to be bank.com.
If it is risky to leave this service running, what are the alternatives?