Facebook
Twitter
Dj Master V
Basic Pleskian
Hi everyone, I have received a report of abuse of port 8972 from the server provider.
how can i close it?
----
the Portmapper service (portmap, rpcbind) is required for mapping RPC requests to a network service. The Portmapper service is needed e.g. for mounting network shares using the Network File System (NFS). The Portmapper service runs on port 111 tcp/udp. In addition to being abused for DDoS reflection attacks, the Portmapper service can be used by attackers to obtain information on the target network like available RPC services or network shares. Over the past months, systems responding to Portmapper requests from anywhere on the Internet have been increasingly abused DDoS reflection attacks against third parties. Please find below a list of affected systems hosted on your network. The timestamp (timezone UTC) indicates when the openly accessible Portmapper service was identified. We would like to ask you to check this issue and take appropriate steps to secure the Portmapper services on the affected systems or notify your customers accordingly. If you have recently solved the issue but received this notification again, please note the timestamp included below. You should not receive any further notifications with timestamps after the issue has been solved. Additional information on this notification, advice on how to fix reported issues and answers to frequently asked questions: <BSI - CERT-Bund Reports> Betroffene Systeme in Ihrem Netzbereich: Affected hosts on your networks: "asn","ip","timestamp","rpc_response" "8972","62.138.2.129","2020-04-07 06:15:21","100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;"
how can i close it?
----
the Portmapper service (portmap, rpcbind) is required for mapping RPC requests to a network service. The Portmapper service is needed e.g. for mounting network shares using the Network File System (NFS). The Portmapper service runs on port 111 tcp/udp. In addition to being abused for DDoS reflection attacks, the Portmapper service can be used by attackers to obtain information on the target network like available RPC services or network shares. Over the past months, systems responding to Portmapper requests from anywhere on the Internet have been increasingly abused DDoS reflection attacks against third parties. Please find below a list of affected systems hosted on your network. The timestamp (timezone UTC) indicates when the openly accessible Portmapper service was identified. We would like to ask you to check this issue and take appropriate steps to secure the Portmapper services on the affected systems or notify your customers accordingly. If you have recently solved the issue but received this notification again, please note the timestamp included below. You should not receive any further notifications with timestamps after the issue has been solved. Additional information on this notification, advice on how to fix reported issues and answers to frequently asked questions: <BSI - CERT-Bund Reports> Betroffene Systeme in Ihrem Netzbereich: Affected hosts on your networks: "asn","ip","timestamp","rpc_response" "8972","62.138.2.129","2020-04-07 06:15:21","100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp;"
Last edited:
