Open PortMapper

Pabla

Regular Contributor
So just today got an email from my ISP saying they have found a vulnerability in my IP. Here is a snippet of the email they sent: "Open-Portmapper - This report identifies hosts that have the Portmapper service (see Wikipedia for general information on this service) running and accessible on the public internet. This service has the potential to be used in amplification attacks by criminals that wish to perform denial of service attacks (see US-CERT Alert TA14-017A) and Level3s Blog for more information). In addition to being used in denial of service attacks, portmapper can be used to obtain a large amount of information about the target, including the NFS exports that are hosted by that device, if the mountd program is also accessible." I'm very worried as my home control system and my computers are all obviously on my local network and worried if they have been compromised. I've done some research on the Open Portmapper and have read that it has to do with NFS exports (which I use to access my HDD connected to my rt-ac3100 locally). I turned it off just as a precautionary step, but now I don't know what else I can do. Is there any way I can check what's been compromised? Is there a possibility that it was an actual hack?
 
This is quite odd. It looks like you have disabled your router's firewall. :eek:

Check it at Firewall - General > Enable Firewall
 
This is quite odd. It looks like you have disabled your router's firewall. :eek:

Check it at Firewall - General > Enable Firewall
Oh my, I never ever disabled it, only altered settings that I needed. Enabled it, any other way to make sure I'm safe now?
 
The router's firewall is its most fundamental method of protection from the internet, it is always enabled by default (e.g. out-of-the-box or after a factory reset).

The only way to "make sure" you're safe would be to factory reset the router and reconfigure it manually, as well as virus/malware scanning every device on your LAN (including all devices that were ever connected). Anything less than that is a matter for your own judgement based on your knowledge of your network and its devices.
 
The router's firewall is its most fundamental method of protection from the internet, it is always enabled by default (e.g. out-of-the-box or after a factory reset).

The only way to "make sure" you're safe would be to factory reset the router and reconfigure it manually, as well as virus/malware scanning every device on your LAN (including all devices that were ever connected). Anything less than that is a matter for your own judgement based on your knowledge of your network and its devices.
Yes, that's what I thought! I never played around with the firewall because like you said it's the most fundamental method of protection. Will factory restore today and scan my devices, is turning NFS back on going to make me vulnerable again?
 
Yes, that's what I thought! I never played around with the firewall because like you said it's the most fundamental method of protection.
I expect you forgot you did it somewhen whilst experimenting. For example, in this post you said "have turned off IPV6 firewall".

... is turning NFS back on going to make me vulnerable again?
Not if the firewall is enabled.
 
I expect you forgot you did it somewhen whilst experimenting. For example, in this post you said "have turned off IPV6 firewall".

Not if the firewall is enabled.
Ha! Very smart of me, didn't even catch that when I was writing that post. Dug my own grave here, thanks for the help.
 
Check to make sure that RPC is disabled on your ac3100 and block 111 udp on your Virgin Gateway to be accessed from Internet/WAN.
 
That is the thing. There should not be an RPC leak. Something on your network is doing so and you need to block UDP Port 111 from Outbound on the router.
As previously discussed it is not RPC per se that is leaking but the portmapper service associated with the router's NFS feature. When NFS is enabled portmapper binds to all interfaces including the WAN. Enabling the router's firewall (or more to the point, not disabling it as he did!) will stop it being accessible from the internet.
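
One way to confirm from outside that the firewall is filtering portmapper on your own WAN address, added here as an example and not part of the original thread: it sends a single RPC NULL call to UDP port 111 and checks for a valid reply. The script and function names are hypothetical, and it has to be run from a connection outside the LAN, because the WAN-side firewall rules do not apply to LAN clients.

```python
import os
import socket
import struct
import sys

PMAP_PROG, PMAP_VERS, PROC_NULL = 100000, 2, 0   # portmapper program number, version 2
CALL, REPLY, MSG_ACCEPTED, SUCCESS = 0, 1, 0, 0  # ONC RPC constants (RFC 5531)


def build_null_call(xid):
    """RPC v2 call to portmapper's NULL procedure with empty AUTH_NONE cred/verifier."""
    return struct.pack(">10I", xid, CALL, 2, PMAP_PROG, PMAP_VERS, PROC_NULL, 0, 0, 0, 0)


def is_portmapper_reply(data, xid):
    """True if data is an accepted, successful RPC reply to our transaction id."""
    if len(data) < 24:
        return False
    rxid, mtype, rstat, _flavor, vlen = struct.unpack(">5I", data[:20])
    if (rxid, mtype, rstat) != (xid, REPLY, MSG_ACCEPTED):
        return False
    off = 20 + ((vlen + 3) & ~3)          # skip the verifier body, padded to 4 bytes
    if len(data) < off + 4:
        return False
    return struct.unpack(">I", data[off:off + 4])[0] == SUCCESS


def probe(host, port=111, timeout=3.0):
    """Send one NULL call over UDP; True only if a portmapper answered."""
    xid = struct.unpack(">I", os.urandom(4))[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_null_call(xid), (host, port))
            data, _ = s.recvfrom(1024)
        except OSError:                    # timeout or ICMP error: filtered or closed
            return False
    return is_portmapper_reply(data, xid)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_portmapper.py <your-own-WAN-address>")
    exposed = probe(sys.argv[1])
    print("portmapper answered on UDP/111: firewall is not filtering it" if exposed
          else "no answer on UDP/111: filtered or not running")
    sys.exit(1 if exposed else 0)
```

No answer over UDP cannot distinguish a filtered port from a stopped service, so a clean result only shows that portmapper is not reachable from where the check was run.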
 
So I’ll be doing a factory restore right now, going to be running security scans on all possible devices. I should be safe to enable NFS as long as firewall is on right?
 
So now I have been able to sit down and properly assess the situation. Could this have anything to do with me VPNing into my network to access my ai-HDD?
 
So just a little update. I reached out to my ISP for any further assistance/information and it turns out that it was a mistake on their end and I was NOT hacked. A little inconvenient, but hey at least I realized my firewall was disabled (now it’s not). Thanks for the help once again!
 
