Are you wondering how to disable portmapper service on CentOS 7? Here’s everything you need to know about it.
The port mapper is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes offering other ONC RPC services. The problem is that an attacker can use the portmapper for various DDoS attacks.
Using this service, the attacker can gain information about the network, such as running RPC services or existing network shares. Also, the attacker can launch attacks on your network. Therefore, as a network administrator, you should ensure the proper security and configuration of the portmapper service.
If you don’t need the port mapper service, it is better to stop it. This article will discuss how we can stop the portmapper service. Then, we will also discuss how we can permanently disable the service. In the next section, we start with a brief introduction to the portmapper service.
We also discuss various security vulnerabilities associated with the portmapper service, such as information disclosure, unauthorized access, amplification attacks, and unpatched vulnerabilities, as well as the process of stopping and disabling the service. Finally, we’ll also verify that the service has been disabled.
What is a port mapper?
A portmapper supports remote procedure call (RPC) services such as NFS mounts. It is a network service that maps RPC program numbers to the IP addresses and transport protocol ports of the servers. The following are the primary uses of the portmapper service:
- Clients can use it to locate network services.
- The servers can use it for advertising services.
The port mapper service is used along with other RPC services. This includes the network file system (NFS) and network information service (NIS). The port mapper service runs on port 111 of the transmission control protocol (TCP) and user datagram protocol (UDP).
Several vulnerabilities in the portmapper were found in 2015. Since then, experts have recommended disabling it if the service is not required. At the very least, the port should be blocked using TCP wrappers or a firewall. Before proceeding further, let’s discuss some of the vulnerabilities of the portmapper.
Note: The port mapper service is also called the RPC bind service.
Types of vulnerabilities associated with portmapper
There are several vulnerabilities associated with the portmapper service. These issues can arise if it is not configured correctly. Below, we discuss some of the vulnerabilities related to the portmapper service:
- The service can be used for information disclosure and privacy attacks. For instance, an attacker can gain information about the network services on the system and then use this information to plan a specific type of attack on the system.
- If the services are not correctly configured, the port mapper service can be used to gain unauthorized access to various services running on the network.
- An amplification attack is also possible. For example, an attacker can send a request packet to the portmapper service with a spoofed (fake) source IP address. The portmapper then sends a large volume of data back to the spoofed address. This could compromise the availability of the network.
- There can also be several unpatched vulnerabilities in the portmapper service. An intruder can use these vulnerabilities to launch different types of attacks on the target system.
Essential security measures for portmapper services
It is necessary to ensure the portmapper is configured correctly to avoid vulnerability issues. The steps that can be employed are:
- Update your system and ensure all the security patches are applied
- Configure the firewall to limit access to the portmapper
- Disable the portmapper service on CentOS 7 if not required
Usage of portmapper
We will briefly discuss the usage of the portmapper service. You can use the portmapper service to list the RPC services registered with rpcbind on the host. To get the list of RPC services, you can use the following command:
You should see the list of services like the following:
Here we have not specified any host as an argument. Hence, localhost is the default target machine. To get information about a specific host, you can use the following command:
$ rpcinfo -p 192.168.0.2
The rpcinfo command can also ping a specific RPC program on a specified host over UDP. Following is the format to ping:
$ rpcinfo -u [hostname] [program_number] [version_number]
Stopping and disabling the portmapper services
We will now discuss how to disable the portmapper service on a CentOS 7 system. First, we will discuss how we can stop the portmapper service. Then, we will discuss the process of disabling the portmapper service permanently.
How to Disable Portmapper Service on CentOS 7
If you are sure that the portmapper service is not required on your system, you can disable it. First, check whether the service is running on your system with the help of the following command:
$ systemctl status rpcbind
Now, you can stop the services using the following command:
systemctl stop rpcbind
systemctl stop rpcbind.socket
Verifying the services have been stopped
You can verify that the services have been stopped by using the following command:
You should see the following message:
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
Note: Disabling or stopping the portmapper service may cause other dependent services to stop functioning. Hence, care must be exercised to ensure that no other service is dependent on the portmapper service.
Stop the portmapper service permanently
If you want to stop the service permanently such that it doesn’t restart even after a reboot, you can use the following command to disable the service:
systemctl disable rpcbind
You can verify once again that the service is stopped with the help of the following command:
Verifying if the port is open using nmap
We can use nmap to connect to the server on the specified port. It should give an error. Try the following command:
$ nmap -Pn -sU -p U:111 --script=rpcinfo 192.0.2.0
We have specified the server internet protocol (IP) address in the above command as 192.0.2.0.
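The check, stop, disable and verify steps from the sections above can be wrapped in one guarded script. This is an added example, not part of the original article: it parses `rpcinfo -p` output, refuses to proceed while other RPC services are still registered, and otherwise stops and disables both rpcbind.service and rpcbind.socket (disabling the socket unit goes one step beyond the article's single `systemctl disable rpcbind`). The function names, the DRY_RUN switch and the sample listing are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article.
# SAMPLE_RPCINFO is a constructed listing in the format printed by `rpcinfo -p`.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    3   udp    111  portmapper
    100024    1   udp  46203  status
    100003    3   tcp   2049  nfs
    100005    1   udp  20048  mountd'

# rpc_dependents: read `rpcinfo -p` output on stdin and print the unique RPC
# services registered besides the portmapper itself (program number 100000).
rpc_dependents() {
    awk '$1 ~ /^[0-9]+$/ && $1 != 100000 { print ($5 != "" ? $5 : $1) }' | sort -u
}

# harden_rpcbind LISTING: return 1 without changing anything while other RPC
# programs are registered; otherwise stop and disable the service and socket.
# Set DRY_RUN to a non-empty value to print the commands instead of running them.
harden_rpcbind() {
    listing=$1
    deps=$(printf '%s\n' "$listing" | rpc_dependents | tr '\n' ' ')
    if [ -n "$deps" ]; then
        echo "rpcbind still in use by: $deps" >&2
        return 1
    fi
    for action in stop disable; do
        ${DRY_RUN:+echo} systemctl "$action" rpcbind.service rpcbind.socket || return 2
    done
}

# Run as root: ./harden-rpcbind.sh --apply   (script name is hypothetical)
if [ "${1:-}" = "--apply" ]; then
    # rpcinfo fails when rpcbind is already stopped; an empty listing then
    # means there are no dependents to protect.
    harden_rpcbind "$(rpcinfo -p 2>/dev/null)" || exit $?
    # After hardening, nothing should be listening on TCP or UDP port 111.
    if ss -tuln | grep -q ':111 '; then
        echo "port 111 is still open" >&2
        exit 3
    fi
    echo "rpcbind stopped and disabled; port 111 closed"
fi
```

With DRY_RUN=1 set, the script prints the `systemctl` commands it would run, which is a safe way to review the change before applying it on a production host.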
In this article, we have talked about how to disable the portmapper service on CentOS 7. With this service exposed, an intruder or hacker can launch a distributed denial of service (DDoS) attack.
We also discussed how we could stop the service and how to disable it so that it does not start on system boot. Finally, we have also covered various commands to verify that the portmapper service is not running on the system.