Disabling rpcbind (port 111) on a Hetzner dedicated server in Germany

Lately I have kept receiving warning emails from Hetzner. The content is as follows:

We received a security alert from the German Federal Office for
Information Security (BSI). Please see the original report included
below for details.

Please investigate and solve the reported issue. It is not required
that you reply to either us or the BSI. If the issue has been fixed
successfully, you should not receive any further notifications.

Additional information is provided with the HOWTOs referenced in the

  1. In case of further questions, please contact
    [email protected] and keep the ticket number of the original report

[CB-Report#...] in the subject line. Do not reply
as this is just the sender address for
the reports and messages sent to this address will not be read.

Kind regards

Abuse team

On 10 Oct 10:37, [email protected] wrote:
Dear Sir or Madam,

the Portmapper service (portmap, rpcbind) is required for mapping RPC
requests to a network service. The Portmapper service is needed e.g.
for mounting network shares using the Network File System (NFS).
The Portmapper service runs on port 111 tcp/udp.

In addition to being abused for DDoS reflection attacks, the
Portmapper service can be used by attackers to obtain information
on the target network like available RPC services or network shares.

Over the past months, systems responding to Portmapper requests from
anywhere on the Internet have been increasingly abused for DDoS reflection
attacks against third parties.

Affected systems on your network:

Format: ASN | IP | Timestamp (UTC) | RPC response
24940 | 2018-10-09 05:35:32 | 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;

We would like to ask you to check this issue and take appropriate
steps to secure the Portmapper services on the affected systems or
notify your customers accordingly.

If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.

It gave me a scare; I thought the box had been turned into a zombie and was blasting packets at someone. I went and googled it. It turns out the BSI scans for hosts with an open port 111 and reports every machine that answers portmapper queries from anywhere on the Internet, because such a machine can be used as a DDoS reflector. So the email is a warning meant to head off abuse, not evidence that the server has been compromised. The report itself confirms this: the RPC response column lists only program 100000 (the portmapper itself) in versions 2, 3 and 4 on 111/udp, so no other RPC service was registered; the host was simply answering anyone who asked. Those who are not bothered by that could leave it alone, though the host then stays usable as a reflector and the reports keep coming.
But I really am a bit obsessive and cannot just leave it, so I set out to shut down the rpcbind service and thereby close port 111.
The process holding port 111 shows up as systemd; a quick search shows that what actually uses it is rpcbind (systemd owns the listening socket through rpcbind.socket and starts rpcbind on demand when something connects). Most services do not depend on rpcbind at all; on a typical server only NFS (and other ONC RPC services such as NIS) need it, so on a box that serves no NFS it can simply be disabled. If you do need NFS, keep rpcbind and instead restrict 111/tcp and 111/udp in the firewall to the addresses of your NFS clients.

The commands to disable the rpcbind service are as follows:

 Stop the running units (the socket first; otherwise socket activation restarts the service on the next connection)
$ sudo systemctl stop rpcbind.socket
$ sudo systemctl stop rpcbind

 Keep both from starting at boot (disabling the service alone is not enough, since the socket would bring it back)
$ sudo systemctl disable rpcbind.socket
$ sudo systemctl disable rpcbind

I ran all four in one go. What remains is to check whether port 111 has actually been closed afterwards.
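To confirm the result, here is an added check script written for this page; it is not part of the original post nor of rpcbind's own tooling. It assumes a Linux host with iproute2's ss (the -H flag needs an iproute2 from 2017 or later), systemd, and optionally rpcinfo. The SAMPLE_BEFORE and SAMPLE_AFTER listings are constructed to look like what ss prints while rpcbind is still running and after it has been removed, so the parsing function can be exercised without touching the live system.

```shell
#!/bin/sh
# Added example for this page (not from the original post): verify that nothing
# is bound to port 111 after rpcbind.socket and rpcbind have been stopped and disabled.
# Assumptions: iproute2 `ss` with -H (no header), systemd, rpcinfo optional.

# listeners_on_port PORT LISTING
# Returns 0 if a `ss -Hlntu` style listing (passed as a string) contains a
# listener on PORT, 1 otherwise. Taking the listing as an argument lets the same
# function be exercised against constructed sample output.
listeners_on_port() {
    port="$1"
    listing="$2"
    printf '%s\n' "$listing" | awk -v p="$port" '
        # Field 5 is "Local Address:Port"; the port is after the last colon,
        # which also handles 0.0.0.0:111, [::]:111 and *:111.
        NF >= 5 {
            n = split($5, a, ":")
            if (a[n] == p) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_port_111_closed
# Live check on this host: no listener on 111/tcp or 111/udp, both units
# stopped and disabled, and the portmapper no longer answering rpcinfo.
check_port_111_closed() {
    live="$(ss -Hlntu 2>/dev/null)"
    if listeners_on_port 111 "$live"; then
        echo "FAIL: port 111 still has a listener:"
        printf '%s\n' "$live" | awk '$5 ~ /:111$/'
        return 1
    fi
    for u in rpcbind.socket rpcbind.service; do
        # is-enabled/is-active print "disabled"/"inactive" and exit non-zero
        # once the fix is in place; that non-zero status is expected here.
        printf '%-16s enabled=%s active=%s\n' "$u" \
            "$(systemctl is-enabled "$u" 2>/dev/null || true)" \
            "$(systemctl is-active "$u" 2>/dev/null || true)"
    done
    # With the portmapper gone, rpcinfo must fail rather than list programs.
    if command -v rpcinfo >/dev/null 2>&1 && rpcinfo -p localhost >/dev/null 2>&1; then
        echo "FAIL: rpcinfo still gets an answer from localhost"
        return 1
    fi
    echo "OK: port 111 is closed"
    return 0
}

# Constructed sample of what `ss -Hlntu` shows while rpcbind is still running
# (sshd on 22 plus the portmapper on 111/tcp and 111/udp, v4 and v6).
SAMPLE_BEFORE='udp   UNCONN 0      0            0.0.0.0:111        0.0.0.0:*
udp   UNCONN 0      0               [::]:111           [::]:*
tcp   LISTEN 0      4096         0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*'

# Constructed sample of the same host after the fix: only sshd is left.
SAMPLE_AFTER='tcp   LISTEN 0      128          0.0.0.0:22         0.0.0.0:*'

# Run the live check only when asked, so sourcing this file just defines the functions.
if [ "${1:-}" = "--live" ]; then
    check_port_111_closed
fi
```

Run it as `sh check111.sh --live` on the server after the systemctl commands. A listener on 111 that survives the fix is almost always the socket unit still being active, which is why the script prints the enabled/active state of both rpcbind.socket and rpcbind.service. For the view an outside scanner gets, the only authoritative check is a UDP probe of port 111 from another host; local checks cannot see a firewall rule that is missing.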
