Securing the RPC Portmapper service

The RPC Portmapper service (rpcbind) tells RPC clients on which port a given RPC program is listening. It is used, for example, by NFS / file server applications. Unfortunately, when it is reachable from the internet, this service can be abused as a 'reflector' in an amplification (D)DoS attack: a small request with a forged source address triggers a much larger reply that is sent to the victim. Therefore, it is important that you disable this service or make it unreachable for external access.

How to make the portmapper service unreachable for external access is described below for the most commonly used firewalls:


Disabling the service

Disabling the portmapper service altogether is one of the most secure measures you can take. How you disable the service differs per OS, but in most cases (systems that use systemd) you can disable the portmapper service with the following commands:

systemctl stop rpcbind
systemctl stop rpcbind.socket
systemctl disable rpcbind
systemctl disable rpcbind.socket

Firewalld (CentOS 7, DirectAdmin, Plesk, cPanel)

In firewalld you can close port 111 (used by portmapper) by removing it from the open ports of the zone (you can see which ports and services are currently open with firewall-cmd --zone=public --list-all):

firewall-cmd --permanent --zone=public --remove-port=111/udp

You will then see "success" as feedback on the command line. Once this is saved, reload the firewall for the new rule to take effect:

firewall-cmd --reload

Please note! It is possible that you use a different firewall, in which case these commands do not work. This is the case, for example, when you use Plesk (there you can close the ports via Tools & Settings > Firewall) or an application such as ConfigServer Security & Firewall (CSF). You can, for example, also install and enable iptables on CentOS 7 instead of firewalld. Check this first before you execute these commands.


iptables (CentOS 6 and Ubuntu)

If you use iptables, you can close the relevant port with the following command. Note that -A appends the rule to the end of the INPUT chain; if an earlier rule already accepts this traffic, insert the rule at the top with -I INPUT instead:

iptables -A INPUT -p udp --dport 111 -j DROP

Here too you then have to save the rules and restart the firewall so that the new rule is kept (the path below applies to CentOS 6):

iptables-save | sudo tee /etc/sysconfig/iptables
service iptables restart

Please note! If you use Debian, iptables does not run as a service by default (see also the following article). In that case, you can make the rules persistent with the package iptables-persistent ("apt-get install iptables-persistent").


Windows Server Firewall

The steps below describe how to block the portmapper port in Windows Server 2008, 2012, 2016 and 2019.


Step 1

Click the Start button and search for 'Firewall'. Alternatively, you can find the firewall in Server Manager under 'Tools'.

Among the search results, 'Windows Firewall with Advanced Security' will appear. Click it.

[Screenshot: Windows search for 'Firewall']


Step 2

Navigate to 'Inbound Rules', right click 'Inbound Rules' and choose 'New Rule'.

[Screenshot: Windows Firewall, Inbound Rules > New Rule]


Step 3

Select: 'Port' and click 'Next'.

[Screenshot: Windows Firewall, rule type 'Port']


Step 4

Select 'UDP' and enter '111' under 'Specific local ports'. Then click 'Next'.

[Screenshot: Windows Firewall, protocol and ports]


Step 5

Select 'Block the connection' and click 'Next'. On the next page, click 'Next' again.

[Screenshot: Windows Firewall, action 'Block the connection']


Step 6

Then, give your new rule a name and optionally a description.

[Screenshot: Windows Firewall, rule name]

If you still want to make the service available to specific hosts, you can restrict the rule to specific remote IP addresses in the properties of this rule (the 'Scope' tab), so that only those addresses are allowed through.


Testing the portmapper service

If you use an OS with a terminal on your client computer (such as OS X, BSD or Linux), you can use 'rpcinfo' from outside your server to check whether the portmapper service is still reachable:

rpcinfo -p [IP ADDRESS] -T udp

If the port is blocked, the command returns an error instead of the list of registered RPC programs.
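The same reachability test can be scripted, for example to check a list of servers after applying the rules above. The script below is an added example and not part of the original article: it sends a single ONC RPC NULL call to portmapper over UDP (a no-op that produces only a tiny reply, unlike the program dump rpcinfo -p requests) and reports whether an accepted reply came back. A blocked port shows up as a timeout or ICMP unreachable, both reported as "not reachable". Function names are my own.

```python
import os
import socket
import struct
import sys

PORTMAP_PROG = 100000   # program number of portmapper/rpcbind
PORTMAP_VERS = 2        # v2 is what rpcinfo -p (and the amplification abuse) speaks
PMAPPROC_NULL = 0       # no-op procedure: any accepted reply means portmapper answered


def build_null_call(xid):
    """Build an ONC RPC (RFC 5531) CALL message for PMAPPROC_NULL with AUTH_NONE."""
    header = struct.pack(">IIIIII", xid, 0, 2, PORTMAP_PROG, PORTMAP_VERS, PMAPPROC_NULL)
    auth_none = struct.pack(">IIII", 0, 0, 0, 0)  # cred flavor/len, verf flavor/len
    return header + auth_none


def parse_null_reply(data, xid):
    """True only for a REPLY to our xid that was MSG_ACCEPTED with accept_stat SUCCESS."""
    if len(data) < 24:
        return False
    r_xid, msg_type, reply_stat = struct.unpack(">III", data[:12])
    if r_xid != xid or msg_type != 1 or reply_stat != 0:
        return False
    # verifier: flavor, opaque length (body padded to 4 bytes), then accept_stat
    _flavor, vlen = struct.unpack(">II", data[12:20])
    off = 20 + ((vlen + 3) & ~3)
    if len(data) < off + 4:
        return False
    return struct.unpack(">I", data[off:off + 4])[0] == 0


def portmapper_reachable(host, port=111, timeout=3.0):
    """Send one NULL call over UDP; False on timeout, ICMP unreachable or a bad reply."""
    xid = struct.unpack(">I", os.urandom(4))[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_null_call(xid), (host, port))
        try:
            data, _ = sock.recvfrom(512)
        except OSError:  # socket.timeout and ConnectionRefusedError are OSErrors
            return False
    return parse_null_reply(data, xid)


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(target, "EXPOSED" if portmapper_reachable(target) else "not reachable")
```

Run it from a machine outside your network against the server's public IP; "EXPOSED" means the port is still answering RPC requests and the firewall rule did not take effect.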
