Attackers have figured out how to use Portmapper, or RPC Portmapper, in reflection attacks where victims are sent copious amounts of responses from Portmapper servers. Tod Beardsley, security engineering manager, at Rapid7 commented on the new DDoS reflection attack.
[su_note note_color=”#ffffcc” text_color=”#00000″]Tod Beardsley, Security Engineering Manager, at Rapid7 :
“Portmap (port 111/UDP) used to be a common service on many UNIX-like distributions, including Linux and Solaris. To hear this morning that it’s part of a “new DDoS” attack is very disorienting, as portmap attacks are by no means new. For 15 years or more, the stock advice about portmap has been simple: Don’t expose it to the internet. While portmap can be useful in private, internal networks, it has a history of security vulnerabilities. Portmap is cleartext and essentially unauthenticated, and tends to expose services and data that the owner of the computer doesn’t intend to share with the world. Layer3’s findings of more than a million portmap services running today is a signal to our industry: more education is necessary, and tells us that security basics, like firewalling and service auditing, are not happening across large pieces of the internet.”[/su_note][su_box title=”About Rapid7″ style=”noise” box_color=”#336588″]