Cloudron Forum
Network security issue: Portmapper servers
    dfoy
    wrote on last edited by girish
    #1

    I continue to get the following alert from my ISP (Vultr.com, where shared servers are called "instances"):
    [begin quote]
    ...
    Recent network security audits have detected some issues on your instances. Please review the following reports and help us to ensure the security of our network:
    == Portmapper servers ==
    Portmapper is a service usually used with NFS. When this is not properly firewalled, it can be abused to conduct DDOS attacks. We recommend that all portmapper services be behind a firewall, and restricted to only IPs that need to contact them.
    For Linux machines, please add firewall rules to block port 111 on both UDP and TCP:

    iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP
    iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP

    Please see https://blog.cloudflare.com/reflections-on-reflections/ for more information on reflection attacks.

    The following IPs have been detected running open portmapper servers:
    [my cloudron IP was shown here]
    If you believe these reports to be false positives, please let us know.

    [end of quote]

    How should I address this?

    girish Staff
    replied to dfoy on last edited by
    #2

    @dfoy Cloudron does not install an NFS server and there should be nothing on port 111. Even if the NFS package was installed and the server is running, the Cloudron firewall does not open port 111.

    Did you install NFS on your server by any chance? Are you able to connect with telnet <server-ip> 111? Otherwise, this looks like a false positive.

    dfoy
    replied to girish on last edited by
    #3

    @girish Thanks. I'll take this up with Vultr.
    David Foy

    girish Staff
    replied to dfoy on last edited by
    #4

    @dfoy yes, let us know what they say. Happy to make fixes, if any are needed.
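
The telnet check suggested in this thread exercises TCP only, while the ISP notice asks for port 111 to be blocked on UDP as well. The following is an added example, not part of the original posts and not Cloudron or Vultr code: a Python check to run against your own server that tests TCP reachability and sends a single portmapper NULL call over UDP. The function names, the transaction id and the IPv4-only socket are assumptions of this example.

```python
import socket
import struct
import sys

PORTMAP_PORT = 111
PORTMAP_PROG = 100000  # ONC RPC program number of portmapper/rpcbind
PORTMAP_VERS = 2


def build_null_call(xid):
    """ONC RPC v2 CALL to portmapper procedure 0 (NULL) with AUTH_NONE."""
    # xid, CALL(0), rpcvers 2, prog, vers, proc 0, cred (flavor, len), verf (flavor, len)
    return struct.pack(">10I", xid, 0, 2, PORTMAP_PROG, PORTMAP_VERS, 0, 0, 0, 0, 0)


def is_rpc_reply(data, xid):
    """True if data begins with an RPC REPLY header carrying our transaction id."""
    if len(data) < 8:
        return False
    got_xid, msg_type = struct.unpack(">2I", data[:8])
    return got_xid == xid and msg_type == 1  # 1 = REPLY


def tcp_open(host, port=PORTMAP_PORT, timeout=3.0):
    """Same question as 'telnet <server-ip> 111': does a TCP connect succeed?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def udp_answers(host, port=PORTMAP_PORT, timeout=3.0, xid=0x434C4452):
    """Send one NULL call over UDP; True only if an RPC reply comes back."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_null_call(xid), (host, port))
            data, _ = s.recvfrom(512)
        except OSError:  # timeout (dropped) or ICMP port unreachable (closed)
            return False
    return is_rpc_reply(data, xid)


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print(f"{host} tcp/111 reachable: {tcp_open(host)}")
    print(f"{host} udp/111 answers portmapper: {udp_answers(host)}")
```

Run it from a machine outside the server's network so the result reflects what the firewall exposes; both lines reading False is consistent with the false-positive explanation given above.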