Disable open portmapper

What is an "Open Portmapper Server"?

Portmapper is a service running on port 111. The service provides information about running services and their port numbers, such as NFS. An "open portmapper server" is a server running portmapper, but is accessible for everyone on the internet.

If the service is left open it could be used to amplify DDoS attacks. Because the service is known to be abused, we recommend our customers to resolve the problem.

Disable portmapper

Disable the portmapper service, if you don't use it, with the following commands:

yum install rpcbind
systemctl mask rpcbind
systemctl mask rpcbind.socket
systemctl stop rpcbind
systemctl stop rpcbind.socket

Or you can use the following commands to only allow connections from trusted sources:

iptables -I INPUT -p udp -s xxx.xxx.xxx.xxx --dport 111 -m state --state NEW -j ACCEPT

Check if portmapper is open or closed

Use nmap to scan your VPS if portmapper is still available.

nmap -sU -p 111 xxx.xxx.xxx.xxx

Result if portmapper is open:

Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 11:00 CEST
Nmap scan report for xxx.tilaa.cloud (xxx.xxx.xxx.xxx)
Host is up (0.015s latency).

PORT STATE SERVICE
111/udp filtered/open rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.39 seconds

And if portmapper is closed:

Starting Nmap 7.70 ( https://nmap.org ) at 2019-04-29 11:01 CEST
Nmap scan report for xxx.tilaa.cloud (xxx.xxx.xxx.xxx)
Host is up (0.013s latency).

PORT STATE SERVICE
111/udp closed rpcbind

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
Hebt u meer vragen? Een aanvraag indienen

0 Opmerkingen

Artikel is gesloten voor opmerkingen.