[SAC] Fwd: [support.osuosl.org #29763] projects.osgeo.osuosl.org portmapper vulnerability

Harrison Grundy harrison.grundy at astrodoggroup.com
Sat Sep 30 01:54:42 PDT 2017


It's fairly unlikely that this particular attack vector... bandwidth amplification, would be causing the slow mail issue. We would see quite a bit of data transfer from the mail host if someone was using this.

Harrison

> On Sep 30, 2017, at 12:41 PM, Regina Obe <lr at pcorp.us> wrote:
> 
> You think our mail list issues and this DDoS vulnerability might be related?
> 
> I'd be willing to ask for more detail but since OSUOSL folks don't know me, I feel I wouldn't be the right person to inquire more.
> 
> At any rate, it's probably a good idea to test all our servers, starting with our Mail List Server
> 
> Using what they suggested
> 
> $ rpcinfo -T udp -p <ipaddress>
> $ showmount -e <ipaddress>
> 
> And other tidbits from
> 
> https://www.us-cert.gov/ncas/alerts/TA14-017A
> 
> 
> Thanks,
> Regina
> 
> -----Original Message-----
> From: Sac [mailto:sac-bounces at lists.osgeo.org] On Behalf Of Alex M
> Sent: Friday, September 29, 2017 7:35 PM
> To: sac >> System Administration Committee Discussion/OSGeo <sac at lists.osgeo.org>
> Subject: [SAC] Fwd: [support.osuosl.org #29763] projects.osgeo.osuosl.org portmapper vulnerability
> 
> Anyone have any idea what this is about? Perhaps someone could respond to OSUOSL asking about which host/IP is in question?
> 
> The second link doesn't actually get to an article.
> 
> Thanks,
> Alex
> 
> 
> -------- Forwarded Message --------
> Subject: [support.osuosl.org #29763] projects.osgeo.osuosl.org portmapper vulnerability
> Date: Fri, 29 Sep 2017 11:40:13 -0700
> From: Cody Holliday via RT <support at osuosl.org>
> Reply-To: support at osuosl.org
> CC: sysadmin at osgeo.org, tech at wildintellect.com, rootmail-students at osuosl.org
> 
> Here is a little more information on the vulnerability and how to test if you are still vulnerable:
> 
> Exposed RPC portmapper services are used for amplification attacks. You can test exposure with the following shell commands:
> 
> $ rpcinfo -T udp -p <ipaddress>
> $ showmount -e <ipaddress>
> 
>  * https://www.us-cert.gov/ncas/alerts/TA14-017A
> 
>  * http://blog.level3.com/security/a-new-ddos-reflection-attack-portmapper-an-early-warning-to-the-industry/
> 
> 
> --Cody Holliday
>> On Thu Sep 28 12:58:08 2017, codysseus wrote:
>> Hello Alex!
>> 
>> We have a report from NERO that says one of your hosts is running a 
>> vulnerable portmapper service. Here is the report from NERO:
>> 
>> 2017-07-24 03:54:21
>> 
>> exports:
>> protocol: udp
>> naics: 0
>> port: 111
>> programs: 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100024 1 52846/udp; 100024 1 55377/udp;
>> mountd_port:17-07-24 03:54:21
>> 
>> --Cody Holliday
> 
> _______________________________________________
> Sac mailing list
> Sac at lists.osgeo.org
> https://lists.osgeo.org/mailman/listinfo/sac
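
As an added example (not part of the original thread, and not OSUOSL or OSGeo tooling), these shell functions condense the output of the `rpcinfo -T udp -p <ipaddress>` check suggested above into the programs registered on UDP, the same information the NERO report lists. The sample output is constructed (its UDP rows are based on the report, the TCP rows and port 40123 are made up), and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise which RPC programs a host registers on UDP.

# Constructed sample in the layout `rpcinfo -p` prints. The UDP rows are based
# on the programs in the NERO report quoted above; the TCP rows are made up.
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   tcp    111  portmapper
    100000    2   tcp    111  portmapper
    100000    4   udp    111  portmapper
    100000    3   udp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  52846  status
    100024    1   tcp  40123  status
EOF
}

# stdin: rpcinfo -p output. stdout: one line per UDP program and port with
# its versions collapsed, e.g. "100000 portmapper 111/udp v4,3,2".
udp_exposure() {
    awk '
        $1 ~ /^[0-9]+$/ && $3 == "udp" {
            key = $1 " " ($5 == "" ? "-" : $5) " " $4 "/udp"
            if (key in vers) vers[key] = vers[key] "," $2
            else { order[++n] = key; vers[key] = $2 }
        }
        END { for (i = 1; i <= n; i++) print order[i] " v" vers[order[i]] }
    '
}

# Succeeds when the portmapper itself (program 100000) is registered on UDP.
portmapper_on_udp() {
    udp_exposure | grep -q '^100000 '
}

# audit_host <ipaddress>: run the query from the thread, return 1 if exposed.
audit_host() {
    out=$(rpcinfo -T udp -p "$1" 2>/dev/null) || out=""
    if [ -z "$out" ]; then echo "$1: no portmapper reply over UDP"; return 0; fi
    echo "$1: portmapper answered over UDP; programs registered on UDP:"
    printf '%s\n' "$out" | udp_exposure | sed 's/^/  /'
    return 1
}

# Usage: sh audit.sh <ipaddress>...   (script name is hypothetical)
if [ "$#" -gt 0 ]; then for h in "$@"; do audit_host "$h" || true; done; fi
```

Run it from a machine outside the network being checked, so the result reflects what the firewall lets through rather than what is reachable locally.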