Systems Vulnerable to Participating in UDP Amplification Attacks

...

1)  Uninstall NFS server, NFS client, and Portmapper (RPCbind)

       Open a command-line terminal and then type the following command:

       $ sudo apt-get --purge remove nfs-kernel-server nfs-common rpcbind

2)  Portmap Lockdown via TCP Wrapper

     **Note**

      On Solaris systems, TCP Wrappers are not enabled by default. Open a command-line terminal and enter the following commands to enable TCP Wrappers for rpcbind:
       # svccfg -s rpc/bind setprop config/enable_tcpwrappers=true
       # svcadm refresh rpc/bind

...

      For all other Linux systems:

      Open a command-line terminal and then type the following command:

      $ sudo nano /etc/hosts.allow

        Add the following lines:

rpcbind: 146.6.101.0/255.255.255.0
rpcbind: 128.83.190.0/255.255.255.0
rpcbind: 129.116.100.192/255.255.255.192
rpcbind: 129.116.238.128/255.255.255.192
rpcbind: 146.6.28.64/255.255.255.192
rpcbind: 146.6.53.0/255.255.255.0
rpcbind: 146.6.177.0/255.255.255.192
rpcbind: 129.116.140.0/255.255.255.0
rpcbind: 129.116.234.0/255.255.255.0
rpcbind: 172.25.1.0/255.255.255.224
rpcbind: 206.76.64.0/255.255.192.0
rpcbind: 198.213.192.0/255.255.192.0
rpcbind: 172.29.0.0/255.255.0.0
rpcbind: 10.0.0.0/255.0.0.0
rpcbind: 10.157.31.128/255.255.255.128
rpcbind: 10.157.33.0/255.255.255.0
rpcbind: 10.157.30.64/255.255.255.192
rpcbind: 10.157.34.0/255.255.255.0
rpcbind: 10.157.26.0/255.255.255.128
rpcbind: 10.157.27.0/255.255.255.0
rpcbind: 10.157.31.0/255.255.255.128
rpcbind: 10.157.29.0/255.255.255.128
rpcbind: 10.157.29.128/255.255.255.128
rpcbind: 10.157.30.0/255.255.255.192

    Save the changes made to the file.

       Type the following command:

       $ sudo nano /etc/hosts.deny

           Add the following lines:

          rpcbind: ALL

    Save the changes made to the file.
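
The check below is an added example, not part of the original guide: it evaluates hosts.allow and hosts.deny text for rpcbind in the order hosts_access(5) applies the two files, so a rule set can be tested against sample client addresses before it is relied on. It handles only the ALL wildcard, single IPv4 addresses and net/mask pairs; the function names and the test addresses are assumptions made for illustration.

```python
import ipaddress

def client_patterns(text, daemon="rpcbind"):
    """Collect the client patterns that apply to `daemon` from hosts.allow/hosts.deny text."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]  # a third field would be a shell command
        if {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
            patterns += clients.replace(",", " ").split()
    return patterns

def matches(patterns, addr):
    """True if addr matches any pattern. Handles ALL, n.n.n.n and net/mask only."""
    ip = ipaddress.ip_address(addr)
    for p in patterns:
        # Strict parsing raises ValueError for hostnames and for net/mask pairs
        # with host bits set, which TCP Wrappers would never match.
        if p == "ALL" or ip in ipaddress.ip_network(p, strict=True):
            return True
    return False

def rpcbind_allowed(allow_text, deny_text, addr):
    """A hosts.allow match grants; otherwise a hosts.deny match denies; otherwise grant."""
    if matches(client_patterns(allow_text), addr):
        return True
    return not matches(client_patterns(deny_text), addr)

# Constructed sample: three of the hosts.allow entries from this page, plus the hosts.deny line.
HOSTS_ALLOW = """\
rpcbind: 146.6.101.0/255.255.255.0
rpcbind: 129.116.100.192/255.255.255.192
rpcbind: 10.0.0.0/255.0.0.0
"""
HOSTS_DENY = "rpcbind: ALL\n"

if __name__ == "__main__":
    # Test addresses are constructed for illustration.
    for addr in ("146.6.101.77", "129.116.100.10", "10.157.31.200", "203.0.113.5"):
        verdict = "allow" if rpcbind_allowed(HOSTS_ALLOW, HOSTS_DENY, addr) else "deny"
        print(f"{addr:16} {verdict}")
```

Passing an empty string as the hosts.deny text shows why the second file matters: with no deny rule, an address that matches nothing in hosts.allow is still granted access.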

...

"Consider placing sensitive MFDs on their own VLAN, which may make them easier to identify and secure. It is also strongly advised to give MFDs campus-routed RFC 1918 addresses so that they are not accessible from the Internet. It is rare that an MFD needs to be accessed from off-campus, and a VPN can be used in those instances."