A colleague received the following email from the hosting provider:
Dear Customer,

Recent network security audits have detected some issues on your instances. Please review the following reports and help us to ensure the security of our network:

== Portmapper servers ==

Portmapper is a service usually used with NFS. When this is not properly firewalled, it can be abused to conduct DDOS attacks. We recommend that all portmapper services be behind a firewall, and restricted to only IPs that need to contact them.

For Linux machines, please add firewall rules to block port 111 on both UDP and TCP:

iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP
iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP

Please see https://blog.cloudflare.com/reflections-on-reflections/ for more information on reflection attacks.

The following IPs have been detected running open portmapper servers:

149.28.224.51:111 - at 2020-04-14 10:24:46

If you believe these reports to be false positives, please let us know.

– Vultr.com Support Team –
Looking up which process held port 111 showed systemd rather than rpcbind. That is because rpcbind.socket is socket-activated: PID 1 owns the listening socket and only starts rpcbind when a request arrives, so stopping rpcbind.service alone leaves the port open and the next probe simply restarts it. The real service behind the port is rpcbind, and the socket unit has to be stopped and disabled together with it:
# Stop the socket unit first (otherwise systemd re-activates the service), then the service
$ systemctl stop rpcbind.socket
$ systemctl stop rpcbind
# Keep both from starting at boot
$ systemctl disable rpcbind.socket
$ systemctl disable rpcbind
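The check and the remediation above, put together as a small POSIX shell script. This is an added example, not from the original post or from Vultr: it reads `ss -Hlnptu` output, reports every port-111 socket bound to a non-loopback address, flags the socket-activation case (PID 1 listed among the owners) that explains why the port showed up as "systemd", and prints the commands to run. The `SAMPLE_SS` text, PIDs and file descriptors are constructed sample data so the script runs offline; on a real host use `SAMPLE_SS="$(ss -Hlnptu)"`.

```shell
#!/bin/sh
# Added example (not part of the original post). Audits a host for an exposed
# portmapper from `ss -Hlnptu` output and prints the remediation steps.
# SAMPLE_SS below is constructed sample output (fake pids/fds) so that this
# runs offline; replace it with "$(ss -Hlnptu)" on a real machine.

SAMPLE_SS='udp UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=512,fd=5),("systemd",pid=1,fd=32))
udp UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=512,fd=7),("systemd",pid=1,fd=34))
tcp LISTEN 0 4096 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=512,fd=4),("systemd",pid=1,fd=31))
tcp LISTEN 0 128 127.0.0.1:111 0.0.0.0:* users:(("rpcbind",pid=512,fd=9))
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=700,fd=3))'

# exposed_portmap SS_OUTPUT
# Prints "<proto> <local-address> <owners>" for every socket on port 111 whose
# local address is not loopback (127.x or [::1]). Exit 0 if any were found,
# 1 if none, so it can be used directly in an `if`.
exposed_portmap() {
    printf '%s\n' "$1" | awk '
        $5 ~ /:111$/ && $5 !~ /^(127\.|\[::1\]:)/ {
            print $1, $5, $7
            found = 1
        }
        END { if (found) exit 0; exit 1 }'
}

# socket_activated SS_OUTPUT
# True when systemd (pid 1) holds one of the exposed port-111 sockets, i.e.
# rpcbind.socket is active and stopping rpcbind.service alone is not enough.
socket_activated() {
    exposed_portmap "$1" | grep -q '"systemd",pid=1,'
}

# remediation_plan
# Prints the commands to run as root, in an order that avoids re-activation.
remediation_plan() {
    cat <<'EOF'
# 1. Stop and disable the socket unit together with the service
systemctl disable --now rpcbind.socket rpcbind.service
# 2. If NFS is not used at all, mask the socket so nothing pulls it back in
systemctl mask rpcbind.socket
# 3. Drop unsolicited port-111 traffic as well (the provider's rules)
iptables -I INPUT 1 -p tcp --dport 111 -j DROP
iptables -I INPUT 1 -p udp --dport 111 -j DROP
# 4. Verify: nothing should listen on 111 and rpcinfo should fail to connect
ss -lnptu | grep ':111 '
rpcinfo -p 127.0.0.1
EOF
}

main() {
    found=$(exposed_portmap "$SAMPLE_SS") || true
    if [ -n "$found" ]; then
        echo "portmapper reachable on a non-loopback address:"
        printf '%s\n' "$found" | sed 's/^/  /'
        if socket_activated "$SAMPLE_SS"; then
            echo "note: pid 1 owns the socket; stop rpcbind.socket, not just rpcbind"
        fi
        echo "remediation:"
        remediation_plan
    else
        echo "no exposed portmapper found"
    fi
}

main
```

After applying the plan, confirm from a second host (`rpcinfo -p <public-ip>` should fail to contact the portmapper) before replying to the provider; the loopback-only binding in the sample is deliberately not reported, since it cannot be used for reflection.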