[CentOS] Securing RPC

Fri Jul 1 07:38:07 UTC 2016
Brian Mathis <brian.mathis+centos at betteradmin.com>

You need to setup a firewall (either a separate hardware box or iptables on
this server) that allows only those IPs you need to connect to those
ports.  You should never expose a service like this to the entire Internet.

~ Brian Mathis

On Fri, Jul 1, 2016 at 8:38 AM, Leon Vergottini <leonv at cornerstone.ac.za>

> Dear Community
> I hope you are all doing well.
> Recently I have been receiving several complaints from our service
> provider.  Please see the complaint below:
> A public-facing device on your network, running on IP address
> XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port
> 111 and participated in a large-scale attack against a customer of ours,
> generating responses to spoofed requests that claimed to be from the attack
> target.
> Please consider reconfiguring this server in one or more of these ways:
> 1. Adding a firewall rule to block all access to this host's UDP port 111
> at your network edge (it would continue to be available on TCP port 111 in
> this case).
> 2. Adding firewall rules to allow connections to this service (on UDP port
> 111) from authorized endpoints but block connections from all other hosts.
> 3. Disabling the port mapping service entirely (if it is not needed).
> Unfortunately, I cannot disable NFS which lies at the root of this
> problem.  In addition, I am struggling to find a proper tutorial of moving
> NFS from udp over to tcp.
> May I kindly ask you to point me in a direction or provide me with ideas on
> how to nail this thing in the ....
> Kind Regards
> Leon
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos