[SAC] Fwd: [support.osuosl.org #29763] projects.osgeo.osuosl.org portmapper vulnerability
Alex M
tech_dev at wildintellect.com
Fri Sep 29 16:34:32 PDT 2017
Any have any idea what this is about? Perhaps someone could respond to
OSUOSL asking about which host/IP is in question?
The second link doesn't actually get to an article.
Thanks,
Alex
-------- Forwarded Message --------
Subject: [support.osuosl.org #29763] projects.osgeo.osuosl.org
portmapper vulnerability
Date: Fri, 29 Sep 2017 11:40:13 -0700
From: Cody Holliday via RT <support at osuosl.org>
Reply-To: support at osuosl.org
CC: sysadmin at osgeo.org, tech at wildintellect.com, rootmail-students at osuosl.org
Here is a little more information on the vulnerability and how to test
if you
are still vulnerable:
Exposed RPC portmapper services are used for amplification
attacks. You can test exposure with the following shell commands:
$ rpcinfo -T udp -p <ipaddress>
$ showmount -e <ipaddress>
* https://www.us-cert.gov/ncas/alerts/TA14-017A
*
http://blog.level3.com/security/a-new-ddos-reflection-attack-portmapper-an-early-warning-to-the-industry/
--Cody Holliday
On Thu Sep 28 12:58:08 2017, codysseus wrote:
> Hello Alex!
>
> We have a report from NERO that says one of your hosts is running a
> vulnerable
> portmapper service. Here is the report from NERO:
>
> 2017-07-24 03:54:21
>
> exports:
> protocol: udp
> naics: 0
> port: 111
> programs: 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000
> 4
> 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100024 1 52846/udp;
> 100024 1
> 55377/udp;
> mountd_port:17-07-24 03:54:21
>
> --Cody Holliday
More information about the Sac
mailing list