Attackers have figured out how to use Portmapper (RPC Portmapper) in reflection attacks, in which victims are sent copious amounts of responses from Portmapper servers. Tod Beardsley, Security Engineering Manager at Rapid7, commented on the new DDoS reflection attack.
Tod Beardsley, Security Engineering Manager at Rapid7:
“Portmap (port 111/UDP) used to be a common service on many UNIX-like distributions, including Linux and Solaris. To hear this morning that it’s part of a “new DDoS” attack is very disorienting, as portmap attacks are by no means new. For 15 years or more, the stock advice about portmap has been simple: Don’t expose it to the internet. While portmap can be useful in private, internal networks, it has a history of security vulnerabilities. Portmap is cleartext and essentially unauthenticated, and tends to expose services and data that the owner of the computer doesn’t intend to share with the world. Layer3’s findings of more than a million portmap services running today is a signal to our industry: more education is necessary, and tells us that security basics, like firewalling and service auditing, are not happening across large pieces of the internet.”

About Rapid7: Rapid7 security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,700 organizations across 90 countries, including 30% of the Fortune 1000.
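The reflection pattern Beardsley describes (tiny requests to UDP/111, large replies returned to a spoofed address) is what a network operator hosting an exposed portmap server would want to spot in its own flow data. The following is an added example, not code from the article or from Rapid7: a small Python detector that runs over constructed one-way flow summaries. The record layout, the internal addresses and the byte counts are assumptions chosen for illustration, not measurements from any real portmap deployment.

```python
"""Flag a portmap (UDP/111) reflection pattern in flow records.

Constructed example. Each Flow is a one-way UDP flow summary in the shape
an exporter might produce; the field names are an assumption of this
example, not any vendor's format. The signature we look for: a remote
address that receives far more bytes in replies from port 111 than it
sent in requests, from more than one of our portmap hosts at once.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    packets: int
    bytes: int


# Constructed sample. 198.51.100.7 (documentation range) is the spoofed
# source address that two internal portmap hosts are answering; 10.0.1.20
# is an ordinary internal client whose request/reply sizes are balanced.
SAMPLE_FLOWS = [
    # small requests "from" the spoofed address into port 111
    Flow("198.51.100.7", 40123, "10.0.0.5", 111, 50, 3400),
    Flow("198.51.100.7", 40123, "10.0.0.6", 111, 50, 3400),
    # large replies from port 111 back to the spoofed address
    Flow("10.0.0.5", 111, "198.51.100.7", 40123, 50, 98000),
    Flow("10.0.0.6", 111, "198.51.100.7", 40123, 50, 98000),
    # legitimate internal lookup: a few hundred bytes each way
    Flow("10.0.1.20", 51000, "10.0.0.5", 111, 4, 320),
    Flow("10.0.0.5", 111, "10.0.1.20", 51000, 4, 560),
]


def reflection_candidates(flows, min_ratio=10.0, min_reflectors=2):
    """Return {remote_addr: (amplification_ratio, reflector_count)} for
    addresses whose reply volume from port 111 looks like reflection.

    min_ratio      - reply bytes / request bytes needed to flag
    min_reflectors - distinct port-111 hosts answering the same address
    """
    sent_to_111 = defaultdict(int)    # bytes each remote sent to port 111
    recv_from_111 = defaultdict(int)  # bytes each remote got from port 111
    reflectors = defaultdict(set)     # which of our hosts answered it

    for f in flows:
        if f.dport == 111:
            sent_to_111[f.src] += f.bytes
        elif f.sport == 111:
            recv_from_111[f.dst] += f.bytes
            reflectors[f.dst].add(f.src)

    flagged = {}
    for addr, received in recv_from_111.items():
        sent = sent_to_111.get(addr, 0)
        # replies with no observed request at all are the strongest signal
        ratio = received / sent if sent else float("inf")
        if ratio >= min_ratio and len(reflectors[addr]) >= min_reflectors:
            flagged[addr] = (round(ratio, 1), len(reflectors[addr]))
    return flagged


if __name__ == "__main__":
    for addr, (ratio, count) in reflection_candidates(SAMPLE_FLOWS).items():
        print(f"{addr}: {ratio}x amplification from {count} portmap hosts")
```

In the constructed sample only the spoofed address is flagged; the internal client's ratio stays below the threshold and it is answered by a single host. The two knobs matter in practice: a single reflector with a high ratio may just be a large legitimate dump reply, whereas several hosts all answering the same address they never truly heard from is the pattern that should trigger the firewall and service-auditing work the quote calls for.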