Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor
  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum
Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. Support
  3. Network security issue: Portmapper servers

Network security issue: Portmapper servers

Scheduled Pinned Locked Moved Solved Support
securityfirewall
7 Posts 4 Posters 755 Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • D Offline
    D Offline
    dfoy
    wrote on last edited by girish
    #1

    I continue to get the following alert from my ISP (Vultr.com, where shared servers are called "instances")
    [begin quote]
    ...
    Recent network security audits have detected some issues on your instances. Please review the following reports and help us to ensure the security of our network:
    == Portmapper servers ==
    Portmapper is a service usually used with NFS. When this is not properly firewalled, it can be abused to conduct DDOS attacks. We recommend that all portmapper services be behind a firewall, and restricted to only IPs that need to contact them.
    For Linux machines, please add firewall rules to block port 111 on both UDP and TCP:

    iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP
    iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP

    Please see https://blog.cloudflare.com/reflections-on-reflections/ for more information on reflection attacks.

    The following IPs have been detected running open portmapper servers:
    [my cloudron IP was shown here]
    If you believe these reports to be false positives, please let us know.

    [end of quote]

    How should I address this?

    girishG 1 Reply Last reply
    0
    • girishG Offline
      girishG Offline
      girish Staff
      replied to dfoy on last edited by
      #2

      @dfoy Cloudron does not install NFS server and there should be nothing in port 111. Even if NFS package was installed and server is running, Cloudron firewall does not open port 111.

      Did you install NFS on your server by any chance ? Are you able to connect with telnet <server-ip> 111 ? Otherwise, this looks like a false positive.

      D 1 Reply Last reply
      0
      • D Offline
        D Offline
        dfoy
        replied to girish on last edited by
        #3

        @girish Thanks. I'll take this up with Vultr.
        David Foy

        girishG 1 Reply Last reply
        0
        • girishG Offline
          girishG Offline
          girish Staff
          replied to dfoy on last edited by
          #4

          @dfoy yes, let us know what they say. Happy to make fixes, if any needed.

          1 Reply Last reply
          0
          • potemkin_aiP Offline
            potemkin_aiP Offline
            potemkin_ai
            wrote on last edited by
            #5 
            # systemctl list-sockets | grep 111
0.0.0.0:111                               rpcbind.socket                   rpcbind.service
0.0.0.0:111                               rpcbind.socket                   rpcbind.service
[::]:111                                  rpcbind.socket                   rpcbind.service
[::]:111                                  rpcbind.socket                   rpcbind.service

# systemctl status rpcbind
● rpcbind.service - RPC bind portmap service
     Loaded: loaded (/lib/systemd/system/rpcbind.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-06-10 03:40:28 CEST; 2 weeks 1 day ago
TriggeredBy: ● rpcbind.socket
       Docs: man:rpcbind(8)
   Main PID: 514 (rpcbind)
      Tasks: 1 (limit: 9345)
     Memory: 1.8M
        CPU: 2.382s
     CGroup: /system.slice/rpcbind.service
             └─514 /sbin/rpcbind -f -w

Jun 10 03:40:28 myserver systemd[1]: Starting RPC bind portmap service...
Jun 10 03:40:28 myserver systemd[1]: Started RPC bind portmap service.

# nc -v localhost 111
Connection to localhost (::1) 111 port [tcp/sunrpc] succeeded!

            That is only on my servers with Cloudron on the servers where nothing except for Cloudron install script has been ever done.

            It's opened by init, i.e. systemd.

            Any thoughts?

            1 Reply Last reply
            1
            • nebulonN Offline
              nebulonN Offline
              nebulon Staff
              wrote on last edited by
              #6

              Cloudron does not use or open port 111 on its own, but it seems that port is related to NFS. So maybe you are using NFS on the system?

              1 Reply Last reply
              0
              • girishG Offline
                girishG Offline
                girish Staff
                wrote on last edited by
                #7

                @potemkin_ai thanks for reporting.

                It seems nfs-common depends on rpcbind which starts the service at port 111. rpcbind is only needed for NFSv3 . I have disabled rpcbind in the next release (8.0.1) . Cloudron only supports NFSv4 out of the box.

                1 Reply Last reply
                0

                • Login
                • Don't have an account? Register
                • Login or register to search.
                • First post
                  Last post
                0
                • Categories
                • Recent
                • Tags
                • Popular
                • Bookmarks
                • Search