Systems Vulnerable to Participating in UDP Amplification Attacks

A system allows its portmap service to be queried from the public Internet. Portmapper is an RPC service, which always listens on tcp and udp 111, and is used to map other RPC
services (such as nfs, nlockmgr, quotad, mountd, etc.) to their corresponding port number on the server. When a remote host makes an RPC call to that server, it first consults with
portmap to determine where the RPC server is listening.Querying portmapper is a small request (~82 bytes via UDP) which generates a large response (7x to 28x amplification), which
makes it a good candidate for DDoS attacks--especially considering its prevalence among virtually all modern Unix systems.

Portmap must be restricted from the public internet with access controls or authentication.

Prevention Options

Linux

1) Uninstall NFS server, NFS client,and Portmapper(RPCbind)

    Open a command-line terminal and then type the following command to uninstall NFS client and server services as follows: