[CentOS] Securing RPC

Fri Jul 1 06:46:35 UTC 2016
Eero Volotinen <eero.volotinen at iki.fi>

Are you really exposing portmapper (RPC) and NFS to public network?


2016-07-01 9:38 GMT+03:00 Leon Vergottini <leonv at cornerstone.ac.za>:

> Dear Community
> I hope you are all doing well.
> Recently I have been receiving several complaints from our service
> provider.  Please see the complaint below:
> A public-facing device on your network, running on IP address
> XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port
> 111 and participated in a large-scale attack against a customer of ours,
> generating responses to spoofed requests that claimed to be from the attack
> target.
> Please consider reconfiguring this server in one or more of these ways:
> 1. Adding a firewall rule to block all access to this host's UDP port 111
> at your network edge (it would continue to be available on TCP port 111 in
> this case).
> 2. Adding firewall rules to allow connections to this service (on UDP port
> 111) from authorized endpoints but block connections from all other hosts.
> 3. Disabling the port mapping service entirely (if it is not needed).
> Unfortunately, I cannot disable NFS which lies at the root of this
> problem.  In addition, I am struggling to find a proper tutorial of moving
> NFS from udp over to tcp.
> May I kindly ask you to point me in a direction or provide me with ideas on
> how to nail this thing in the ....
> Kind Regards
> Leon
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos