[CentOS] Securing RPC

Fri Jul 1 06:38:06 UTC 2016
Leon Vergottini <leonv at cornerstone.ac.za>

Dear Community

I hope you are all doing well.

Recently I have been receiving several complaints from our service
provider.  Please see the complaint below:

A public-facing device on your network, running on IP address
XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port
111 and participated in a large-scale attack against a customer of ours,
generating responses to spoofed requests that claimed to be from the attack

Please consider reconfiguring this server in one or more of these ways:

1. Adding a firewall rule to block all access to this host's UDP port 111
at your network edge (it would continue to be available on TCP port 111 in
this case).
2. Adding firewall rules to allow connections to this service (on UDP port
111) from authorized endpoints but block connections from all other hosts.
3. Disabling the port mapping service entirely (if it is not needed).

Unfortunately, I cannot disable NFS which lies at the root of this
problem.  In addition, I am struggling to find a proper tutorial of moving
NFS from udp over to tcp.

May I kindly ask you to point me in a direction or provide me with ideas on
how to nail this thing in the ....

Kind Regards