What is an "Open Portmapper Server"?
Portmapper is a service that runs on port 111. It provides information about running services, such as NFS, and their port numbers. An "open portmapper server" is a server that runs portmapper and is accessible to everyone on the internet.
If the service is left open, it could be used to amplify DDoS attacks. Because the service is known to be abused, we recommend that our customers resolve the problem.
Disable portmapper
If you don't use the portmapper service, disable it with the following commands:
yum install rpcbind
systemctl mask rpcbind
systemctl mask rpcbind.socket
systemctl stop rpcbind
systemctl stop rpcbind.socket
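Or you can use the following commands to only allow connections from trusted sources. The first rule accepts new connections from the trusted address; the second, inserted directly below it, drops new connections to UDP port 111 from everyone else:
iptables -I INPUT -p udp -s xxx.xxx.xxx.xxx --dport 111 -m state --state NEW -j ACCEPT
iptables -I INPUT 2 -p udp --dport 111 -m state --state NEW -j DROP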
Check if portmapper is open or closed
Use nmap to scan your VPS and check whether portmapper is still reachable.
nmap -sU -p 111 xxx.xxx.xxx.xxx
Result if portmapper is open:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 11:00 CEST
Nmap scan report for xxx.tilaa.cloud (xxx.xxx.xxx.xxx)
Host is up (0.015s latency).
PORT STATE SERVICE
111/udp filtered/open rpcbind
Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds
And if portmapper is closed:
Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 11:01 CEST
Nmap scan report for xxx.tilaa.cloud (xxx.xxx.xxx.xxx)
Host is up (0.013s latency).
PORT STATE SERVICE
111/udp closed rpcbind
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
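A UDP scan that gets no reply cannot tell an open port from a filtered one, so it helps to confirm the result on the VPS itself. The script below is an added example, not part of the original article: it checks that both rpcbind units are masked and stopped and that nothing is bound to port 111. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original article; function names are hypothetical.

# Filter `ss -lntu` output (stdin) down to sockets bound to port 111.
# Column 5 is "local-address:port"; the port is the text after the last ':'.
port111_listeners() {
    awk '{ n = split($5, part, ":"); if (part[n] == "111") print $1, $5 }'
}

# Decide whether a unit is properly off, given the words printed by
# `systemctl is-enabled` and `systemctl is-active`. Only masked and not
# running counts: a merely "disabled" rpcbind.service can still be started
# through rpcbind.socket or as a dependency of another unit.
unit_is_off() {
    local enabled="$1" active="$2"
    [ "$enabled" = "masked" ] && { [ "$active" = "inactive" ] || [ "$active" = "failed" ]; }
}

# Run the check against the live system; returns 0 if portmapper is off.
check_portmapper_off() {
    local rc=0 unit enabled active listeners
    for unit in rpcbind.service rpcbind.socket; do
        enabled=$(systemctl is-enabled "$unit" 2>/dev/null) || true
        active=$(systemctl is-active "$unit" 2>/dev/null) || true
        if unit_is_off "$enabled" "$active"; then
            echo "OK   $unit: $enabled/$active"
        else
            echo "FAIL $unit: ${enabled:-unknown}/${active:-unknown}"; rc=1
        fi
    done
    listeners=$(ss -lntu 2>/dev/null | port111_listeners)
    if [ -n "$listeners" ]; then
        echo "FAIL still listening on port 111:"; echo "$listeners"; rc=1
    else
        echo "OK   nothing listening on port 111"
    fi
    return $rc
}

# Constructed sample of `ss -lntu` output, used to show the filter offline.
SAMPLE_SS='udp   UNCONN 0 0      0.0.0.0:111   0.0.0.0:*
udp   UNCONN 0 0         [::]:111      [::]:*
tcp   LISTEN 0 128    0.0.0.0:22    0.0.0.0:*
tcp   LISTEN 0 4096   0.0.0.0:1110  0.0.0.0:*'

# Pass --live to check the machine the script runs on.
if [ "${1:-}" = "--live" ]; then check_portmapper_off; fi
```

Run it with `--live` on the VPS after the mask and stop commands; a non-zero exit status means one of the units or a listener on port 111 is still present.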