Folks, I have begun blocking the portmapper port (UDP 111) at the UCSD
amprgw gateway. This is to mitigate a new DDOS exploit that is taking
place on the Internet.

This would prevent the use of various RPC services across the
amprgw gateway, but I don't think anyone is currently using NFS,
NIS, or the like in that context. The performance would be very
poor in any case.

You might consider blocking this port in your firewalls.
I recommend that everyone running their own BGP'd subnet insert a
blocking filter rule for this port as well.

More information:
http://blog.level3.com/security/a-new-ddos-reflection-attack-portmapper-an-…

Thanks.
- Brian
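
The following is an added example, not part of the original message and not code from the amprgw gateway: a first-match audit that checks whether a saved firewall ruleset actually stops new UDP queries to port 111 from being forwarded. It assumes a Linux gateway whose filter table was dumped with `iptables-save`; the function names and sample rulesets are constructed for illustration, and jumps into user-defined chains are not followed.

```python
import shlex

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
QUALIFIERS = {"-s", "-d", "-i", "-o", "!"}  # options that narrow a rule to some traffic

def covers(spec, port):
    """True if a port spec such as '111', '100:200' or '53,111' includes port."""
    for part in spec.split(","):
        lo, sep, hi = part.partition(":")
        low = int(lo) if lo else 0
        high = int(hi) if hi else (65535 if sep else low)
        if low <= port <= high:
            return True
    return False

def opt(tok, *names):
    """Value following the first of `names` present in the rule, else None."""
    for name in names:
        if name in tok[:-1]:
            return tok[tok.index(name) + 1]
    return None

def udp_port_verdict(ruleset, chain="FORWARD", port=111):
    """First-match verdict for new UDP packets to `port`: (verdict, deciding rule)."""
    policy = "ACCEPT"
    for line in ruleset.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] == ":" + chain:
            policy = tok[1]
        if tok[:2] != ["-A", chain] or opt(tok, "-p") not in (None, "udp", "all"):
            continue  # other chain, or a rule for another protocol
        ports, states = opt(tok, "--dport", "--dports"), opt(tok, "--ctstate", "--state")
        if ports and not covers(ports, port):
            continue
        if states and "NEW" not in states.split(","):
            continue  # matches established flows only, not a fresh query
        target = opt(tok, "-j")
        if target == "ACCEPT":
            return ("allowed", line)  # conservative: any ACCEPT that can match counts
        if target in TERMINAL and not QUALIFIERS & set(tok):
            return ("blocked", line)  # unconditional DROP/REJECT
    return ("blocked" if policy == "DROP" else "allowed", "policy " + policy)

# Constructed sample rulesets (filter table only), not taken from any real gateway.
WEAK = """:FORWARD ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 111 -j DROP"""
FIXED = WEAK + "\n-A FORWARD -p udp -m udp --dport 111 -j DROP"

if __name__ == "__main__":
    for name, rules in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(name, udp_port_verdict(rules))
```

The WEAK ruleset drops only TCP 111, so UDP queries fall through to the ACCEPT policy; run the same check with `chain="INPUT"` to audit traffic addressed to the gateway itself.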