Folks, I have begun blocking the portmapper port (UDP 111) at the UCSD amprgw gateway. This is to mitigate a new DDOS exploit that is taking place on the Internet.
This would prevent the use of various RPC services across the amprgw gateway, but I don't think anyone is currently using NFS, NIS, or the like in that context. The performance would be very poor in any case.
You might consider blocking this port in your firewalls.
I recommend that everyone running their own BGP'd subnet insert a blocking filter rule for this port as well.
More information: http://blog.level3.com/security/a-new-ddos-reflection-attack-portmapper-an-e...
Thanks. - Brian
Thanks for the heads up on this!
---
Pardon my brevity, I'm on a Samsung Galaxy smartphone.
---
Sent via axMail-Fax by N1URO.
44Net mailing list 44Net@hamradio.ucsd.edu http://hamradio.ucsd.edu/mailman/listinfo/44net
Is it possible to have a list of all blocked Ports/Protocols that are running now on the amprgw? I know long ago you have blocked MS network (port 138 137 139?), if it is not confidential (maybe to have this list on the Portal or the Wiki).
Thanks Forward
Ronen - 4Z4ZQ
http://www.ronen.org
________________________________________
From: 44Net 44net-bounces+ronenp=hotmail.com@hamradio.ucsd.edu on behalf of Brian Kantor Brian@UCSD.Edu
Sent: Wednesday, June 1, 2016 6:57 PM
To: 44net@hamradio.ucsd.edu
Subject: [44net] Exploitable portmapper service

Folks, I have begun blocking the portmapper port (UDP 111) at the UCSD amprgw gateway. This is to mitigate a new DDOS exploit that is taking place on the Internet.
Blocking them in the core router. It's a NAS I use for a fileserver for the packet/aprs/dstar builds.
Sent from my Samsung 6 Edge!
-----Original Message-----
From: Brian Kantor Brian@UCSD.Edu
To: AMPRNet working group 44net@hamradio.ucsd.edu
Sent: Thu, 02 Jun 2016 22:40
Subject: Re: [44net] Exploitable portmapper service

On Thu, Jun 02, 2016 at 05:24:43AM +0000, R P wrote:
> Is it possible to have a list of all blocked Ports/Protocols?

Ports 111,135-139,445,1025-1028 UDP and TCP are blocked currently.
- Brian
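One way to confirm that a UDP 111 filter like the one discussed in this thread is in effect for hosts you operate, as an added example that is not part of the original messages: the script sends a single ONC RPC NULL call to the portmapper and reports whether anything answers. The function names, the transaction id and the sample reply are constructed for illustration.

```python
import socket
import struct
import sys

PMAP_PROG, PMAP_VERS, PROC_NULL = 100000, 2, 0  # portmapper program (RFC 1833)
XID = 0x44000001                                # arbitrary transaction id (assumption)

# Constructed sample: an accepted reply to a NULL call
# (xid, REPLY, MSG_ACCEPTED, verifier AUTH_NONE, verifier length 0, SUCCESS).
SAMPLE_REPLY = struct.pack(">6I", XID, 1, 0, 0, 0, 0)


def build_null_call(xid=XID):
    """ONC RPC v2 CALL (RFC 5531) to portmapper procedure 0, AUTH_NONE."""
    return struct.pack(">10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PROC_NULL,
                       0, 0,   # credentials: AUTH_NONE, length 0
                       0, 0)   # verifier: AUTH_NONE, length 0


def is_rpc_reply(data, xid=XID):
    """True if data is an RPC REPLY carrying our transaction id."""
    if len(data) < 12:
        return False
    rxid, msg_type, _reply_stat = struct.unpack(">3I", data[:12])
    return rxid == xid and msg_type == 1


def probe(host, port=111, timeout=2.0):
    """Send one NULL call; 'answers' means the portmapper is reachable from here."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))   # connected UDP socket surfaces ICMP unreachable
            s.send(build_null_call())
            data = s.recv(1500)
        except OSError:               # timeout or ICMP error: filtered or not running
            return "no answer"
    return "answers" if is_rpc_reply(data) else "no answer"


if __name__ == "__main__":
    for host in sys.argv[1:]:         # hosts you operate behind the filter
        print(f"{host}: udp/111 {probe(host)}")
```

Run it from a vantage point outside the filter; once the block is in place the expected result for every host is "no answer".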