Educause Security Discussion mailing list archives
Re: portmapper DDOS
From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Thu, 2 Jun 2016 15:14:55 -0500
On Jun 2, 2016, at 08:37, Julian Y Koh <kohster () NORTHWESTERN EDU> wrote:
> We've been blocking port 111 for years globally without any ill effect.

+1. We've been doing this for a very long time, too, since before 2000. RPC services back then weren't very robust in the face of someone bent on mischief, and they're generally not services that need to be exposed anyway. Also blocked since then are TCP and UDP ports 32771 and 32772, as Sun historically liked to put important RPC services there, and the TCP "small services" (qotd, chargen, et al). SNMP and NFS have also been blocked since then.

--
Alan Amesbury
University Information Security
http://umn.edu/lookup/amesbury