    Solved Network security issue: Portmapper servers

      dfoy last edited by girish

      I continue to get the following alert from my ISP (Vultr.com, where shared servers are called "instances"):
      [begin quote]
      ...
      Recent network security audits have detected some issues on your instances. Please review the following reports and help us to ensure the security of our network:
      == Portmapper servers ==
      Portmapper is a service usually used with NFS. When this is not properly firewalled, it can be abused to conduct DDOS attacks. We recommend that all portmapper services be behind a firewall, and restricted to only IPs that need to contact them.
      For Linux machines, please add firewall rules to block port 111 on both UDP and TCP:

      iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP
      iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP

      Please see https://blog.cloudflare.com/reflections-on-reflections/ for more information on reflection attacks.

      The following IPs have been detected running open portmapper servers:
      [my cloudron IP was shown here]
      If you believe these reports to be false positives, please let us know.

      [end of quote]

      How should I address this?

        girish Staff @dfoy last edited by

        @dfoy Cloudron does not install an NFS server and there should be nothing on port 111. Even if the NFS package was installed and the server is running, the Cloudron firewall does not open port 111.

        Did you install NFS on your server by any chance? Are you able to connect with telnet <server-ip> 111? Otherwise, this looks like a false positive.

          dfoy @girish last edited by

          @girish Thanks. I'll take this up with Vultr.
          David Foy

            girish Staff @dfoy last edited by

            @dfoy Yes, let us know what they say. Happy to make fixes, if any are needed.
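
An added example, not part of the original thread and not Cloudron's code: the telnet check suggested above covers TCP only, while the ISP notice asks for port 111 to be blocked on both UDP and TCP. This Python script checks both from an outside machine against your own server by sending a portmapper NULL call over UDP and attempting a TCP connect. The function names, the transaction id and the sample reply are assumptions constructed for illustration.

```python
import socket
import struct
import sys

# Portmapper/rpcbind: ONC RPC program 100000, version 2, port 111.
PMAP_PROG, PMAP_VERS, PMAP_PORT = 100000, 2, 111
XID = 0x434C4452  # arbitrary transaction id (assumption, any 32-bit value works)


def build_null_call(xid=XID):
    """RPC v2 CALL to portmapper procedure 0 (NULL) with empty AUTH_NONE cred/verf."""
    # Fields: xid, msg_type=CALL(0), rpcvers=2, prog, vers, proc=0,
    # cred flavor/len, verf flavor/len.
    return struct.pack(">10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, 0, 0, 0, 0, 0)


def is_rpc_reply(data, xid=XID):
    """True if data is an RPC REPLY (msg_type 1) echoing our transaction id."""
    if len(data) < 8:
        return False
    reply_xid, msg_type = struct.unpack(">2I", data[:8])
    return reply_xid == xid and msg_type == 1


def probe_udp(host, timeout=3.0):
    """Return 'open' if something answers RPC on UDP 111, else 'no-reply'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, PMAP_PORT))
            s.send(build_null_call())
            data = s.recv(512)
        except OSError:  # timeout (filtered) or ICMP port unreachable (closed)
            return "no-reply"
    return "open" if is_rpc_reply(data) else "no-reply"


def probe_tcp(host, timeout=3.0):
    """Same check as `telnet <server-ip> 111`: does the TCP handshake complete?"""
    try:
        with socket.create_connection((host, PMAP_PORT), timeout=timeout):
            return "open"
    except OSError:
        return "closed-or-filtered"


# Constructed sample: a successful NULL reply (REPLY, MSG_ACCEPTED, empty verf, SUCCESS).
SAMPLE_REPLY = struct.pack(">6I", XID, 1, 0, 0, 0, 0)

if __name__ == "__main__" and len(sys.argv) == 2:
    print("udp/111:", probe_udp(sys.argv[1]), " tcp/111:", probe_tcp(sys.argv[1]))
```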
