Regarding port 111, could it lead to a security issue?

I’ve received this from my Hosting Company

Dear Sir or Madam,

the Portmapper service (portmap, rpcbind) is required for mapping RPC
requests to a network service. The Portmapper service is needed e.g.
for mounting network shares using the Network File System (NFS).
The Portmapper service runs on port 111 tcp/udp.

In addition to being abused for DDoS reflection attacks, the
Portmapper service can be used by attackers to obtain information
on the target network like available RPC services or network shares.

Over the past months, systems responding to Portmapper requests from
anywhere on the Internet have been increasingly abused for DDoS reflection
attacks against third parties.

Please find below a list of affected systems hosted on your network.
The timestamp (timezone UTC) indicates when the openly accessible
Portmapper service was identified.

We would like to ask you to check this issue and take appropriate
steps to secure the Portmapper services on the affected systems or
notify your customers accordingly.

If you have recently solved the issue but received this notification
again, please note the timestamp included below. You should not
receive any further notifications with timestamps after the issue
has been solved.

It is a problem because it is a UDP port that can return a larger response than the request. An attacker sends a small packet (say 70 bytes) with a forged source IP in the header, and the server replies with a list of all the RPC services running on it, which can be 1500 bytes or more. That’s why this is called amplification & reflection: the attacker uses a small request to cause another host to be sent a large response.

I’m not sure what this has to do with Rancher; if you’re exposing it for NFS it should be allowed only for the IPs of your hosts, or run over a private network and not exposed to the internet at all.

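As an added defender-side illustration (not code from the thread or from Rancher), the script below aggregates constructed UDP flow records to port 111 per client, computes the reply/request byte ratio that makes an open portmapper an amplifier, and flags clients that are not among the NFS hosts the answer says should be the only ones allowed. All addresses, networks and flow records are constructed samples.

```python
import ipaddress
from collections import defaultdict

# Constructed sample flow records (not from the original post). Fields:
# (client_ip, protocol, destination_port, request_bytes, reply_bytes)
SAMPLE_FLOWS = [
    # NFS client on the private host network: small request, small reply
    ("10.0.0.12", "udp", 111, 68, 132),
    # Internet source (address possibly forged): ~70-byte request,
    # ~1500-byte reply listing every registered RPC service
    ("198.51.100.77", "udp", 111, 70, 1516),
    ("198.51.100.77", "udp", 111, 70, 1516),
    ("198.51.100.77", "udp", 111, 70, 1516),
    # Unrelated DNS traffic that the report must ignore
    ("198.51.100.9", "udp", 53, 60, 90),
]

# Constructed allowlist: the only networks that should reach rpcbind
ALLOWED_CLIENTS = [ipaddress.ip_network("10.0.0.0/24")]


def amplification_report(flows, allowed, port=111, ratio_threshold=10.0):
    """Aggregate UDP flows to `port` per client and flag any client that is
    outside the allowlist or whose reply/request byte ratio reaches the
    threshold (a ratio of ~20x is what the 70-byte/1500-byte case gives)."""
    totals = defaultdict(lambda: [0, 0])  # client -> [request_bytes, reply_bytes]
    for client, proto, dport, req, rep in flows:
        if proto != "udp" or dport != port:
            continue
        totals[client][0] += req
        totals[client][1] += rep
    report = {}
    for client, (req, rep) in totals.items():
        addr = ipaddress.ip_address(client)
        outside = not any(addr in net for net in allowed)
        ratio = rep / req if req else float("inf")
        report[client] = {
            "request_bytes": req,
            "reply_bytes": rep,
            "amplification": round(ratio, 1),
            "outside_allowlist": outside,
            "flag": outside or ratio >= ratio_threshold,
        }
    return report


if __name__ == "__main__":
    for client, row in amplification_report(SAMPLE_FLOWS, ALLOWED_CLIENTS).items():
        print(client, row)
```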