Linux下111端口有何作用

小樱

Dear Customer,

Recent network security audits have detected some issues on your instances.  Please review the following reports and help us to ensure the security of our network:



== Portmapper servers ==
Portmapper is a service usually used with NFS.  When this is not properly firewalled, it can be abused to conduct DDOS attacks.  We recommend that all portmapper services be behind a firewall, and restricted to only IPs that need to contact them.

For Linux machines, please add firewall rules to block port 111 on both UDP and TCP:

iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP
iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP

Please see https://blog.cloudflare.com/reflections-on-reflections/ for more information on reflection attacks.

The following IPs have been detected running open portmapper servers:
0.0.0.0:111 - at 2021-02-02 10:23:09



If you believe these reports to be false positives, please let us know.

不可名