Educause Security Discussion mailing list archives

Re: portmapper DDOS


From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Thu, 2 Jun 2016 15:14:55 -0500

On Jun 2, 2016, at 08:37 , Julian Y Koh <kohster () NORTHWESTERN EDU> wrote:

> We've been blocking port 111 for years globally without any ill effect.

+1.

We've been doing this for a very long time, too, since before 2000.  RPC services back then weren't very robust in the 
face of someone bent on mischief, and they're generally not services that need to be exposed anyway.  Also blocked 
since then are TCP and UDP ports 32771 and 32772, as Sun historically liked to put important RPC services there, and 
the TCP "small services" (qotd, chargen, et al).  SNMP and NFS have also been blocked since then.


-- 
Alan Amesbury
University Information Security
http://umn.edu/lookup/amesbury

