Systems Vulnerable to Participating in UDP Amplification Attacks

...

1)  Uninstall NFS server, NFS client, and Portmapper (RPCbind)

       Open a command-line terminal and then type the following command:

       $ sudo apt-get --purge remove nfs-kernel-server nfs-common rpcbind

 2)  Portmap Lockdown via TCP Wrapper

     **Note**

      On Solaris systems, TCP Wrappers are not enabled by default. Open a command-line terminal and enter the following commands to enable TCP Wrappers for rpcbind:
       # svccfg -s rpc/bind setprop config/enable_tcpwrappers=true
       # svcadm refresh rpc/bind

...

      For all other Linux systems:

      Open a command-line terminal and then type the following command:

      $ sudo nano /etc/hosts.allow

        Add the following lines:

rpcbind: 146.6.101.0/255.255.255.0
rpcbind: 128.83.190.0/255.255.255.0
rpcbind: 129.116.100.192/255.255.255.192
rpcbind: 129.116.238.128/255.255.255.192
rpcbind: 146.6.28.64/255.255.255.192
rpcbind: 146.6.53.0/255.255.255.0
rpcbind: 146.6.177.0/255.255.255.192
rpcbind: 129.116.140.0/255.255.255.0
rpcbind: 129.116.234.0/255.255.255.0
rpcbind: 172.25.1.0/255.255.255.224
rpcbind: 206.76.64.0/255.255.192.0
rpcbind: 198.213.192.0/255.255.192.0
rpcbind: 172.29.0.0/255.255.0.0
rpcbind: 10.0.0.0/255.0.0.0
rpcbind: 10.157.31.128/255.255.255.128
rpcbind: 10.157.33.0/255.255.255.0
rpcbind: 10.157.30.64/255.255.255.192
rpcbind: 10.157.34.0/255.255.255.0
rpcbind: 10.157.26.0/255.255.255.128
rpcbind: 10.157.27.0/255.255.255.0
rpcbind: 10.157.31.0/255.255.255.128
rpcbind: 10.157.29.0/255.255.255.128
rpcbind: 10.157.29.128/255.255.255.128
rpcbind: 10.157.30.0/255.255.255.192

   Save the changes made to the file.

...

       Type the following command:

       $ sudo nano /etc/hosts.deny

           Add the following lines:

         rpcbind: ALL
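
How the two files above combine, as an added example that is not part of the original page: a simplified evaluator for the TCP Wrappers rules (hosts.allow is consulted first, then hosts.deny, and a client matching neither is granted access). It assumes IPv4 only and supports just the ALL wildcard and net/mask patterns; the sample files, client addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed samples: two hosts.allow entries from the list above, plus the hosts.deny rule.
HOSTS_ALLOW = """\
# /etc/hosts.allow (sample)
rpcbind: 146.6.101.0/255.255.255.0
rpcbind: 129.116.100.192/255.255.255.192
"""
HOSTS_DENY = "rpcbind: ALL\n"

def parse_rules(text):
    """Yield (daemons, client_patterns) for each 'daemon_list : client_list' line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].strip().split(":")
        if len(fields) < 2:
            continue  # blank line, comment, or not a rule
        yield fields[0].replace(",", " ").split(), fields[1].replace(",", " ").split()

def pattern_matches(pattern, client):
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # net/mask form: match when (client AND mask) equals net.
        net, mask = pattern.split("/", 1)
        masked = int(ipaddress.IPv4Address(client)) & int(ipaddress.IPv4Address(mask))
        return masked == int(ipaddress.IPv4Address(net))
    return pattern == client

def file_matches(text, daemon, client):
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(pattern_matches(p, client) for p in patterns)
        for daemons, patterns in parse_rules(text)
    )

def rpcbind_allowed(client, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """Allow file wins; otherwise a deny match refuses; no match at all grants."""
    if file_matches(allow, "rpcbind", client):
        return True
    return not file_matches(deny, "rpcbind", client)

if __name__ == "__main__":
    for ip in ("146.6.101.25", "129.116.100.200", "129.116.100.10", "203.0.113.7"):
        print(ip, "allowed" if rpcbind_allowed(ip) else "denied")
    # Without the hosts.deny entry, the allow list alone restricts nothing.
    print("203.0.113.7 with empty hosts.deny:",
          "allowed" if rpcbind_allowed("203.0.113.7", deny="") else "denied")
```

The last case shows why the hosts.deny entry is required: with hosts.allow populated but hosts.deny empty, an unlisted client is still granted access.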

...

"Consider placing sensitive MFDs on their own VLAN, which may make them easier to identify and secure. It is also strongly advised to give MFDs campus-routed RFC 1918 addresses so that they are not accessible from the Internet. It is rare that an MFD needs to be accessed from off-campus, and a VPN can be used in those instances."