Systems Vulnerable to Participating in UDP Amplification Attacks

...

1)  Uninstall NFS server, NFS client, and Portmapper (RPCbind)

       Open a command-line terminal and then type the following command:

       $ sudo apt-get --purge remove nfs-kernel-server nfs-common rpcbind

 2)  Portmap Lockdown via TCP Wrapper

     **Note**

      On Solaris systems, TCP Wrappers are not enabled by default. Open a command-line terminal and enter the following commands to enable rpcbind TCP Wrappers:
       # svccfg -s rpc/bind setprop config/enable_tcpwrappers=true
       # svcadm refresh rpc/bind

...

      For all other Linux systems:

      Open a command-line terminal and then type the following command:

      $ sudo nano /etc/hosts.allow

        Add the following lines:

rpcbind: 146.6.101.0/255.255.255.0
rpcbind: 128.83.190.0/255.255.255.0
rpcbind: 129.116.100.192/255.255.255.192
rpcbind: 129.116.238.128/255.255.255.192
rpcbind: 146.6.28.64/255.255.255.192
rpcbind: 146.6.53.0/255.255.255.0
rpcbind: 146.6.177.0/255.255.255.192
rpcbind: 129.116.140.0/255.255.255.0
rpcbind: 129.116.234.0/255.255.255.0
rpcbind: 172.25.1.0/255.255.255.224
rpcbind: 206.76.64.0/255.255.192.0
rpcbind: 198.213.192.0/255.255.192.0
rpcbind: 172.29.0.0/255.255.0.0
rpcbind: 10.0.0.0/255.0.0.0
rpcbind: 10.157.31.128/255.255.255.128
rpcbind: 10.157.33.0/255.255.255.0
rpcbind: 10.157.30.64/255.255.255.192
rpcbind: 10.157.34.0/255.255.255.0

...

rpcbind: 10.157.26.0/255.255.255.128
rpcbind: 10.157.27.0/255.255.255.0
rpcbind: 10.157.31.0/255.255.255.128
rpcbind: 10.157.29.0/255.255.255.128
rpcbind: 10.157.29.128/255.255.255.128
rpcbind: 10.157.30.0/255.255.255.192

      Save the changes made to the file.

      Type the following command:

      $ sudo nano /etc/hosts.deny

        Add the following lines:

rpcbind: ALL

      Save the changes made to the file.
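
The two files only work as a pair: a client that matches no hosts.allow entry is refused solely because of the `rpcbind: ALL` line in hosts.deny. The Python sketch below is an added example, not part of the original guide; it evaluates that decision offline and lists allow entries already covered by a broader one. It assumes only the `ALL` and `network/netmask` client patterns used on this page, and the sample data is a constructed subset of the list above.

```python
import ipaddress

# Constructed sample: a subset of the hosts.allow entries listed above.
HOSTS_ALLOW = """\
rpcbind: 146.6.101.0/255.255.255.0
rpcbind: 10.0.0.0/255.0.0.0
rpcbind: 10.157.33.0/255.255.255.0
"""
HOSTS_DENY = "rpcbind: ALL\n"

def parse_rules(text, daemon="rpcbind"):
    """Return the client patterns for `daemon`: the string "ALL" or an IPv4 network."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = (p.strip() for p in line.split(":", 2)[:2])
        names = daemons.replace(",", " ").split()
        if daemon not in names and "ALL" not in names:
            continue
        for pat in clients.replace(",", " ").split():
            rules.append("ALL" if pat == "ALL"
                         else ipaddress.ip_network(pat, strict=False))
    return rules

def matches(rules, client):
    addr = ipaddress.ip_address(client)
    return any(r == "ALL" or addr in r for r in rules)

def is_allowed(client, allow_text, deny_text):
    """TCP Wrappers order: an allow match grants, else a deny match refuses, else grant."""
    if matches(parse_rules(allow_text), client):
        return True
    return not matches(parse_rules(deny_text), client)

def shadowed(allow_text):
    """Allow entries that a broader entry in the same file already covers."""
    nets = [r for r in parse_rules(allow_text) if r != "ALL"]
    return [str(n) for n in nets if any(n != o and n.subnet_of(o) for o in nets)]

if __name__ == "__main__":
    for ip in ("146.6.101.25", "10.157.33.7", "203.0.113.9"):
        print(ip, "allowed" if is_allowed(ip, HOSTS_ALLOW, HOSTS_DENY) else "denied")
    # Without the hosts.deny entry, the unlisted address falls through to "grant".
    print("203.0.113.9 with empty hosts.deny:", is_allowed("203.0.113.9", HOSTS_ALLOW, ""))
    print("covered by a broader entry:", shadowed(HOSTS_ALLOW))
```

With `10.0.0.0/255.0.0.0` present, every `10.157.x.x` line is already covered, so narrowing access to those subnets means removing the broad entry rather than adding specific ones.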

...

"Consider placing sensitive MFDs on their own VLAN, which may make them easier to identify and secure. It is also strongly advised to give MFDs campus-routed RFC 1918 addresses so that they are not accessible from the Internet. It is rare that an MFD needs to be accessed from off-campus, and a VPN can be used in those instances."