I hope you are all doing well.
Recently I have been receiving several complaints from our service provider. Please see the complaint below:
A public-facing device on your network, running on IP address XXX.XXX.XXX.XXX, operates a RPC port mapping service responding on UDP port
111 and participated in a large-scale attack against a customer of ours, generating responses to spoofed requests that claimed to be from the attack target.
Please consider reconfiguring this server in one or more of these ways:
1. Adding a firewall rule to block all access to this host’s UDP port 111
at your network edge (it would continue to be available on TCP port 111 in this case).
2. Adding firewall rules to allow connections to this service (on UDP port
111) from authorized endpoints but block connections from all other hosts.
3. Disabling the port mapping service entirely (if it is not needed).
Unfortunately, I cannot disable NFS which lies at the root of this problem. In addition, I am struggling to find a proper tutorial of moving NFS from udp over to tcp.
May I kindly ask you to point me in a direction or provide me with ideas on how to nail this thing in the ….
Kind Regards Leon