Systems Vulnerable to Participating in UDP Amplification Attacks

...

Portmap (rpcbind, port 111 over UDP and TCP) must be restricted from the public internet with access controls or authentication. An unrestricted portmapper answers spoofed UDP requests from any source and can therefore be abused as an amplifier against third parties.

Prevention Options for Linux, Windows, and Network Printers

Linux

1)

...

 Uninstall NFS server, NFS client, and Portmapper (RPCbind)

       This is the simplest option when the host neither exports nor mounts NFS, because it removes the listening service entirely. On Debian or Ubuntu, open a command-line terminal and then type the following command:

       $ sudo apt-get --purge remove nfs-kernel-server nfs-common rpcbind

 2)  Portmap Lockdown via TCP Wrapper

       Open a command-line terminal and then type the following command to edit /etc/hosts.allow:

       $ sudo nano /etc/hosts.allow

        Add the following lines (each entry is a trusted network in tcp_wrappers net/mask form, and rpcbind is the daemon name the portmapper presents to tcp_wrappers; replace the networks shown with the ranges that should be able to reach the portmapper):

      rpcbind: 146.6.101.0/255.255.255.0
      rpcbind: 128.83.190.0/255.255.255.0
      rpcbind: 129.116.100.192/255.255.255.192
      rpcbind: 129.116.238.128/255.255.255.192
      rpcbind: 146.6.28.64/255.255.255.192
      rpcbind: 146.6.53.0/255.255.255.0
      rpcbind: 146.6.177.0/255.255.255.192
      rpcbind: 129.116.140.0/255.255.255.0
      rpcbind: 129.116.234.0/255.255.255.0
      rpcbind: 172.25.1.0/255.255.255.224
      rpcbind: 206.76.64.0/255.255.192.0
      rpcbind: 198.213.192.0/255.255.192.0
      rpcbind: 172.29.0.0/255.255.0.0
      rpcbind: 10.0.0.0/255.0.0.0

   Save the changes made to the file.

       Then refuse every other source by editing /etc/hosts.deny:

       $ sudo nano /etc/hosts.deny

         Add the following line:

       rpcbind: ALL

    Save the changes made to the file. tcp_wrappers consults /etc/hosts.allow before /etc/hosts.deny, so the networks listed above are still admitted and all other sources are refused. Note that this only takes effect when the installed rpcbind is linked against libwrap (the Debian and Ubuntu packages are), and that it protects only the portmapper itself, not the RPC services registered with it.
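The following script is an added example and is not part of the original page or of rpcbind. It reproduces the net/mask matching that tcp_wrappers applies to the hosts.allow and hosts.deny entries above, so that a rule set can be checked against sample client addresses before it is deployed, prints the hosts.allow lines for a list of networks, and checks whether the installed rpcbind is actually linked against libwrap. The TRUSTED_NETS list, the function names and the file name are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not part of the original page: check which client addresses
# the tcp_wrappers rules above would admit to rpcbind, by reproducing the
# net/mask matching that hosts.allow / hosts.deny use. TRUSTED_NETS below is
# a constructed sample; substitute your own trusted ranges.

# Constructed sample rule set, in hosts.allow "net/mask" form, one per line.
TRUSTED_NETS='146.6.101.0/255.255.255.0
129.116.100.192/255.255.255.192
172.29.0.0/255.255.0.0
10.0.0.0/255.0.0.0'

# ip_to_int A.B.C.D: print the address as a 32-bit integer; fail on malformed input.
ip_to_int() {
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        # reject empty, non-numeric and leading-zero octets (shell arithmetic
        # would read "010" as octal)
        case $o in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# net_matches CLIENT NET MASK: succeed when (CLIENT & MASK) == (NET & MASK),
# which is how tcp_wrappers evaluates a "net/mask" pattern.
net_matches() {
    c=$(ip_to_int "$1") || return 1
    n=$(ip_to_int "$2") || return 1
    m=$(ip_to_int "$3") || return 1
    [ $(( c & m )) -eq $(( n & m )) ]
}

# rpcbind_allowed CLIENT: succeed if some TRUSTED_NETS entry matches.
# hosts.allow is consulted before hosts.deny, so a match here admits the
# client; with "rpcbind: ALL" in hosts.deny everything else is refused.
rpcbind_allowed() {
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        net_matches "$1" "${entry%/*}" "${entry#*/}" && return 0
    done <<EOF
$TRUSTED_NETS
EOF
    return 1
}

# hosts_allow_lines: print TRUSTED_NETS as ready-to-paste /etc/hosts.allow entries.
hosts_allow_lines() {
    printf '%s\n' "$TRUSTED_NETS" | sed 's/^/rpcbind: /'
}

# rpcbind_uses_libwrap: succeed if the installed rpcbind is linked against
# libwrap; without it, hosts.allow and hosts.deny are never consulted.
rpcbind_uses_libwrap() {
    bin=$(command -v rpcbind) || return 1
    ldd "$bin" 2>/dev/null | grep -q libwrap
}

# Usage: sh check_rpcbind_access.sh 146.6.101.7 8.8.8.8
for addr in "$@"; do
    if rpcbind_allowed "$addr"; then
        echo "$addr: admitted by hosts.allow"
    else
        echo "$addr: refused by 'rpcbind: ALL' in hosts.deny"
    fi
done
```

Run it with the addresses of a host that should reach the portmapper and one that should not; if rpcbind_uses_libwrap fails on the target system, the hosts.allow/hosts.deny lockdown does nothing and a host firewall rule on port 111 (or removing rpcbind) is needed instead.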

Windows

Create Inbound Rules to protect RPC Endpoint Mapper service and RPC-enabled network services

To create a rule to allow inbound network traffic to the RPC Endpoint Mapper service

  1. In Windows Firewall with Advanced Security (in the Group Policy Object that applies to these hosts), in the navigation pane, click Inbound Rules.

  2. Click Action, and then click New rule.

  3. On the Rule Type page of the New Inbound Rule Wizard, click Custom, and then click Next.

  4. On the Program page, click This Program Path, and then type %systemroot%\system32\svchost.exe.

  5. Click Customize.

  6. In the Customize Service Settings dialog box, click Apply to this service, select Remote Procedure Call (RPC) with a short name of RpcSs, click OK, and then click Next.

  7. On the warning about Windows service-hardening rules, click Yes.

  8. On the Protocol and Ports dialog box, for Protocol type, select TCP.

  9. For Local port, select RPC Endpoint Mapper, and then click Next.

  10. On the Scope page, specify the remote IP addresses the rule applies to. This is the step that actually restricts the endpoint mapper: limit the remote addresses to your trusted networks, because an allow rule with no scope admits traffic from any network covered by the selected profiles. Configure as appropriate for your design, and then click Next.

  11. On the Action page, select Allow the connection, and then click Next.

  12. On the Profile page, select the network location types to which this rule applies, and then click Next.

  13. On the Name page, type a name and description for your rule, and then click Finish.

To create a rule to allow inbound network traffic to RPC-enabled network services

  1. On the same GPO you edited in the preceding procedure, click Action, and then click New rule.

  2. On the Rule Type page of the New Inbound Rule Wizard, click Custom, and then click Next.

  3. On the Program page, click This Program Path, and then type the path to the executable file that hosts the network service. Click Customize.

  4. In the Customize Service Settings dialog box, click Apply to this service, and then select the service that you want to allow. If the service does not appear in the list, then click Apply to service with this service short name, and then type the short name of the service in the text box.

  5. Click OK, and then click Next.

  6. On the Protocol and Ports dialog box, for Protocol type, select TCP.

  7. For Local port, select RPC Dynamic Ports, and then click Next.

  8. On the Scope page, limit the remote IP addresses to the same trusted networks used for the endpoint mapper rule; leaving the scope open lets any host reach the dynamic RPC ports. Configure as appropriate for your design, and then click Next.

  9. On the Action page, select Allow the connection, and then click Next.

  10. On the Profile page, select the network location types to which this rule applies, and then click Next.

  11. On the Name page, type a name and description for your rule, and then click Finish.


Network Printers

ECE-IT will move network printers to campus-only (private) printer networks.