Networking
cancel
Showing results for 
Search instead for 
Did you mean: 

TCP and UDP port 111 how do I disable them?

Mike Dunn
Occasional Contributor

TCP and UDP port 111 how do I disable them?

111 Portmapper Available 83 Exposure Automated Exploit Network Reconnaissance CVE-1999-0632 The portmapper service was detected on the system.

The portmapper/sunrpc service can be used by intruders to survey hosts with vulnerable RPC services. The Portmapper service maps RPC services to the dynamic port numbers they currently reside on. Since many RPC services are vulnerable to exploitation, this service provides sensitive strategic information to remote intruders. Furthermore, it should be noted that an intruder does not have to access the portmapper service to make connections to RPC services. Specialized scanning tools can find RPC services by scanning for them directly.

 

Need to resolve this security issue.

1 REPLY
Matti_Kurkela
Honored Contributor

Re: TCP and UDP port 111 how do I disable them?

"Specialized scanning tools can find RPC services by scanning for them directly."

In other words, disabling/blocking this port won't help much if you don't protect the actual RPC services you're using, and/or don't disable the RPC services you don't need. If the actual RPC services are shut down, then the

only information available from port 111 is "no, there are no RPC services running, other than this port 111 itself".

 

This CVE is from year 1999: what was a "specialized scanning tool" back then, is now likely be a standard functionality of most common scanning tools.

 

In HP-UX, the RPC portmapper process is named "rpcbind". It is started by /sbin/init.d/nfs.core, or by the startup script of any standard HP-UX RPC service that requires it (at least nfs.client, nfs.server, nis.client, nis.server, nisplus.client and nisplus.server).

 

Disabling "rpcbind" means your system will no longer fulfill the SunRPC requirements, so it may be difficult or impossible to use:

  • NFS, either to share filesystems or to mount shares from other hosts
  • Ignite-UX make_net_recovery and related functions, because they require NFS.
  • NIS.
  • other services, depending on your situation. (For example, Legato NetWorker backup software requires access to SunRPC portmapper to function correctly. If you use this backup software, disabling rpcbind would cause your backups to fail!)

You might find that disabling port 111 would cause you to lose some important functionality. (Personally, I think Ignite-UX make_net_recovery is rather important!)

In that case, you will need to make sure access to port 111 is limited in some other way. You could (and should!) use firewalls in your network and/or IPFilter installed on your server to restrict access to port 111, so that only hosts with a known, legitimate requirement to access RPC services will be allowed to access it.

 

You can see a human-readable version of the information available via port 111 by running:

rpcinfo -p

 Before disabling rpcbind, make sure all the services listed by "rpcinfo -p" are unnecessary to you and disable them first. As each service is disabled, it should vanish from the "rpcinfo -p" listing. Once the list is empty, you can disable rpcbind.

MK