Disable Portmapper 111 BSI
Hi
We keep receiving notifications from BSI (German Federal Office for Information Security) regarding the portmapper service and port 111 that should not be open.
Here is the message:
[CODE=rich]the Portmapper service (portmap, rpcbind) is required for mapping RPC
requests to a network service. The Portmapper service is needed e.g.
for mounting network shares using the Network File System (NFS).
The Portmapper service runs on port 111 tcp/udp.
In addition to being abused for DDoS reflection attacks, the
Portmapper service can be used by attackers to obtain information
on the target network like available RPC services or network shares.
Over the past months, systems responding to Portmapper requests from
anywhere on the Internet have been increasingly abused for DDoS reflection
attacks against third parties.[/CODE]
I have found another thread with some recommendations that help, but when we reboot the server, portmapper starts again automatically. Here are the commands we are running, and they work:
[CODE=bash]systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl disable rpcbind[/CODE]
Running the following command shows whether portmapper is active or not:
[CODE=bash]rpcinfo -p[/CODE]
Is there something else that we can do to make sure that portmapper does not start when the server reboots? Thank you
Try these commands.
[CODE=bash]systemctl stop rpcbind.service
systemctl disable rpcbind.service
systemctl mask rpcbind.service
systemctl stop rpcbind.socket
systemctl disable rpcbind.socket
systemctl mask rpcbind.socket
systemctl daemon-reload[/CODE]
Thanks @vacancy @sitespt can you let us know if the advice provided resolves the issue?
Hello, I have the same problem and I tried these commands:
[CODE=bash]systemctl stop rpcbind.service
systemctl disable rpcbind.service
systemctl mask rpcbind.service
systemctl stop rpcbind.socket
systemctl disable rpcbind.socket
systemctl mask rpcbind.socket
systemctl daemon-reload[/CODE]
Can you check the attached image, please? Is everything okay now? Regards,
Yes, rpcbind is now completely disabled.
Thank You :)
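A post-reboot check for the fix discussed in this thread, added here as an example and not posted by any participant: it confirms that both rpcbind units report `masked` and that nothing is listening on port 111. The function names and the sample `ss` output are constructed; passing `--live` audits the local host instead of the samples.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): audit that rpcbind stays off after a reboot.

# Read `ss -tuln` output on stdin; print sockets whose local port is exactly 111.
# Matches IPv4 (0.0.0.0:111), IPv6 ([::]:111) and wildcard (*:111) addresses.
port111_listeners() {
    awk '$5 ~ /:111$/ { print $1, $5 }'
}

# $1 = `systemctl is-enabled rpcbind.service`, $2 = same for rpcbind.socket,
# $3 = `ss -tuln` output. Returns the number of findings (0 = locked down).
audit_rpcbind() {
    local findings=0 unit listeners
    for unit in "rpcbind.service=$1" "rpcbind.socket=$2"; do
        # Only "masked" blocks every start path; "disabled" still allows
        # socket activation and starts pulled in by other units.
        if [ "${unit#*=}" != "masked" ]; then
            echo "FAIL ${unit%%=*} is '${unit#*=}', expected 'masked'"
            findings=$((findings + 1))
        fi
    done
    listeners=$(printf '%s\n' "$3" | port111_listeners)
    if [ -n "$listeners" ]; then
        echo "FAIL port 111 is still listening:"
        echo "$listeners"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK rpcbind units masked, port 111 closed"
    return "$findings"
}

# Constructed sample: only rpcbind.service was disabled, then the host rebooted.
SAMPLE_SS_OPEN='udp UNCONN 0 0    0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:*
tcp LISTEN 0 128  0.0.0.0:22  0.0.0.0:*
tcp LISTEN 0 4096 [::]:111    [::]:*'
# Constructed sample: both units masked; port 1110 must not be mistaken for 111.
SAMPLE_SS_CLOSED='tcp LISTEN 0 128 0.0.0.0:22   0.0.0.0:*
tcp LISTEN 0 128 0.0.0.0:1110 0.0.0.0:*'

if [ "${1:-}" = "--live" ]; then    # audit this host
    audit_rpcbind "$(systemctl is-enabled rpcbind.service 2>/dev/null || true)" \
                  "$(systemctl is-enabled rpcbind.socket 2>/dev/null || true)" \
                  "$(ss -tuln)"
else                                # demo on the constructed samples
    audit_rpcbind disabled enabled "$SAMPLE_SS_OPEN" || true
    audit_rpcbind masked masked "$SAMPLE_SS_CLOSED"
fi
```

In `--live` mode the exit status is the number of findings, so the script can run from a boot-time job or a monitoring check.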