Security warning message:
The Portmapper service (portmap, rpcbind) is required for mapping RPC requests to a network service. This service is essential, especially for mounting network shares using the Network File System (NFS). The Portmapper service runs on port 111 (tcp/udp). However, attackers can exploit the Portmapper service to gather information on the target network, such as available RPC services or network shares. Moreover, they can abuse it for DDoS reflection attacks. Therefore, securing the Portmapper service is crucial to prevent potential threats.DDoS reflection attacks against third parties have increasingly abused systems responding to Portmapper requests from anywhere on the Internet over the past months. Please see below for a list of affected systems hosted on your network. We identified the openly accessible Portmapper service based on the timestamp (timezone UTC).
If you are receiving the above-mentioned warning, you are at the right place; let’s explore why you are receiving the alert and how to resolve the portmapper security warning in centos 7.
What is Portmapper
Portmapper, commonly known as rpcbind, is a network service that converts RPC (Remote Procedure Call) program numbers into network port numbers. It enables RPC clients to find out which port a certain RPC service is using on a server. Users can use the Portmapper service to dynamically find the correct port for the needed RPC service, which facilitates easier communication between networked systems.
Why are you receiving the alert
The error message you received indicates that your Portmapper service is openly accessible from the internet, making it vulnerable to DDoS reflection attacks. Attackers can use this to raise attacks on third parties to collect information about your network’s RPC services or network shares.
How to fix this:
To resolve this, you need to secure the Portmapper service by restricting access or disabling it if not needed. Ensuring only trusted IP addresses can access the service, or completely disabling it, will mitigate the risk.
Restrict Access to Portmapper
To restrict access to Portmapper, configure the Firewall to allow only trusted IP addresses to connect to port 111 (TCP/UDP).
Firewall rule to add a IP address to allow TCP traffic on port 111:
#firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_IP" port port=111 protocol=tcp accept'Firewall rule to add a IP address to allow UDP traffic on port 111:
#firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="TRUSTED_IP" port port=111 protocol=udp accept'Reload the firewall configuration to apply the changes made.
#firewall-cmd --reloadStop and disable the RPCbind Service
To stop the rpcbind service to terminate current operations:
# systemctl stop rpcbind
# systemctl stop rpcbind.socketDisable rpcbind to prevent it from starting at boot:
#systemctl disable rpcbind
#systemctl disable rpcbind.socketVerify that the service is disabled
Use the below command to ensure the rpcbind service is inactive:
#systemctl status rpcbindConclusion
By restricting access and disabling unnecessary services, you can significantly reduce the risk of DDoS reflection attacks and unauthorized access to your network’s RPC services.
If you’re encountering the portmapper security warning in CentOS 7 and need expert assistance, contacting Skynats is your best solution. We specializes in providing top-notch server management and support services. By choosing us, you benefit from their extensive knowledge of CentOS and commitment to delivering reliable, efficient support tailored to your specific needs. Don’t let security warnings compromise your system—reach out to Skynats for expert help today.
