This site is brought to you by the Electrical and Computer Engineering department

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Systems Vulnerable to Participating in UDP Amplification Attacks

A system allows its portmap service to be queried from the public Internet. Portmapper is an RPC service, which always listens on tcp and udp 111, and is used to map other RPC
services (such as nfs, nlockmgr, quotad, mountd, etc.) to their corresponding port number on the server. When a remote host makes an RPC call to that server, it first consults with
portmap to determine where the RPC server is listening.Querying portmapper is a small request (~82 bytes via UDP) which generates a large response (7x to 28x amplification), which
makes it a good candidate for DDoS attacks--especially considering its prevalence among virtually all modern Unix systems.

Portmap must be restricted from the public internet with access controls or authentication.

 

 

 

 

 

  • No labels

Confluence Documentation | Web Privacy Policy | Web Accessibility