Are you really exposing portmapper (RPC) and NFS to public network?

Eero

2016-07-01 9:38 GMT+03:00 Leon Vergottini <leonv@xxxxxxxxxxxxxxxxx>:

> Dear Community
>
> I hope you are all doing well.
>
> Recently I have been receiving several complaints from our service
> provider. Please see the complaint below:
>
> A public-facing device on your network, running on IP address
> XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port
> 111 and participated in a large-scale attack against a customer of ours,
> generating responses to spoofed requests that claimed to be from the attack
> target.
>
> Please consider reconfiguring this server in one or more of these ways:
>
> 1. Adding a firewall rule to block all access to this host's UDP port 111
> at your network edge (it would continue to be available on TCP port 111 in
> this case).
> 2. Adding firewall rules to allow connections to this service (on UDP port
> 111) from authorized endpoints but block connections from all other hosts.
> 3. Disabling the port mapping service entirely (if it is not needed).
>
> Unfortunately, I cannot disable NFS which lies at the root of this
> problem. In addition, I am struggling to find a proper tutorial of moving
> NFS from udp over to tcp.
>
> May I kindly ask you to point me in a direction or provide me with ideas on
> how to nail this thing in the ....
>
> Kind Regards
> Leon
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
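
Option 2 from the provider's complaint, as an added example that is not part of the thread: a shell function that prints, without applying, host iptables commands admitting UDP port 111 only from listed sources, and with no sources prints the block-everything variant. The chain name PORTMAP_UDP and the sample addresses (documentation ranges) are assumptions, as is enforcing this with iptables on the host rather than at the network edge.

```shell
#!/bin/sh
# Added example: print (never apply) iptables commands restricting UDP 111.
CHAIN=PORTMAP_UDP   # hypothetical chain name, not from the thread

# valid_cidr ADDR[/LEN]: succeed only for a well-formed IPv4 address or CIDR.
valid_cidr() {
    addr=${1%/*}
    len=32
    case $1 in */*) len=${1#*/} ;; esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the dotted quad into four fields
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# portmap_udp_rules [SOURCE...]: with sources, allow only those on UDP 111
# (option 2); with none, drop all UDP 111 traffic (option 1, on the host).
portmap_udp_rules() {
    for src in "$@"; do
        valid_cidr "$src" || { echo "bad source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"
    # Hook the chain in last, so INPUT never points at a half-built chain.
    echo "iptables -I INPUT 1 -p udp --dport 111 -j $CHAIN"
}

# Constructed sample sources from the documentation ranges.
portmap_udp_rules 192.0.2.0/24 198.51.100.7
```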