You need to set up a firewall (either a separate hardware box or iptables on this server) that allows only those IPs you need to connect to those ports. You should never expose a service like this to the entire Internet.

~ Brian Mathis
@orev

On Fri, Jul 1, 2016 at 8:38 AM, Leon Vergottini <leonv@xxxxxxxxxxxxxxxxx> wrote:
> Dear Community
>
> I hope you are all doing well.
>
> Recently I have been receiving several complaints from our service
> provider. Please see the complaint below:
>
> A public-facing device on your network, running on IP address
> XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port
> 111 and participated in a large-scale attack against a customer of ours,
> generating responses to spoofed requests that claimed to be from the attack
> target.
>
> Please consider reconfiguring this server in one or more of these ways:
>
> 1. Adding a firewall rule to block all access to this host's UDP port 111
> at your network edge (it would continue to be available on TCP port 111 in
> this case).
> 2. Adding firewall rules to allow connections to this service (on UDP port
> 111) from authorized endpoints but block connections from all other hosts.
> 3. Disabling the port mapping service entirely (if it is not needed).
>
> Unfortunately, I cannot disable NFS which lies at the root of this
> problem. In addition, I am struggling to find a proper tutorial of moving
> NFS from udp over to tcp.
>
> May I kindly ask you to point me in a direction or provide me with ideas on
> how to nail this thing in the ....
>
> Kind Regards
> Leon
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> https://lists.centos.org/mailman/listinfo/centos
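
Added example, not part of the original message or the list's own material: a script that prints the iptables commands for the allowlist approach described above (permit port 111 over UDP and TCP only from authorized endpoints, drop everyone else). The chain name `RPCBIND_ALLOW` is hypothetical and the client addresses are constructed values from documentation ranges; the commands are printed for review rather than executed.

```shell
#!/bin/sh
# Emit iptables commands that restrict rpcbind (port 111, UDP and TCP)
# to an allowlist of sources. Nothing is executed: review the output,
# then apply it as root.

CHAIN="RPCBIND_ALLOW"   # hypothetical chain name chosen for this example
PORT=111                # RPC port mapper port named in the complaint

# Accept only dotted-quad IPv4 addresses with an optional /0-32 prefix.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([0-9]|[12][0-9]|3[0-2]))?$' || return 1
    addr=${1%%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Usage: gen_rpcbind_rules SOURCE [SOURCE...]
# With no sources the chain contains only DROP, which blocks port 111 for all.
gen_rpcbind_rules() {
    # Validate everything first so a bad entry never yields a partial ruleset.
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    # Anything not matched above is dropped, including spoofed UDP requests.
    echo "iptables -A $CHAIN -j DROP"
    # Send all traffic for the port, on both protocols, through the chain.
    for proto in udp tcp; do
        echo "iptables -I INPUT -p $proto --dport $PORT -j $CHAIN"
    done
}

# Constructed sample: one NFS client host and one client subnet.
gen_rpcbind_rules 192.0.2.10 198.51.100.0/24
```
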