Open PortMapper

Discussion in 'General Wireless Discussion' started by Pabla, Dec 3, 2019.

  1. Pabla

    Pabla Regular Contributor

    Joined:
    Oct 28, 2018
    Messages:
    53
    So just today got an email from my ISP saying they have found a vulnerability in my IP. Here is a snippet of the email they sent: "Open-Portmapper - This report identifies hosts that have the Portmapper service (see Wikipedia for general information on this service) running and accessible on the public internet. This service has the potential to be used in amplification attacks by criminals that wish to perform denial of service attacks (see US-CERT Alert TA14-017A) and Level3s Blog for more information). In addition to being used in denial of service attacks, portmapper can be used to obtain a large amount of information about the target, including the NFS exports that are hosted by that device, if the mountd program is also accessible." I'm very worried as my home control system and my computers are all obviously on my local network and worried if they have been compromised. I've done some research on the Open Portmapper and have read that it has to do with NFS exports (which I use to access my HDD connected to my rt-ac3100 locally). I turned it off just as a precautionary step, but now I don't know what else I can do. Is there any way I can check what's been compromised? Is there a possibility that it was an actual hack?
     
  2. ColinTaylor

    ColinTaylor Part of the Furniture

    Joined:
    Mar 31, 2014
    Messages:
    9,794
    Location:
    UK
    This is quite odd. It looks like you have disabled your router's firewall. :eek:

    Check it at Firewall - General > Enable Firewall
     
  3. Pabla

    Oh my, I never ever disabled it, only altered settings that I needed. Enabled it; any other way to make sure I'm safe now?
     
  4. ColinTaylor

    The router's firewall is its most fundamental method of protection from the internet; it is always enabled by default (e.g. out-of-the-box or after a factory reset).

    The only way to "make sure" you're safe would be to factory reset the router and reconfigure it manually, as well as virus/malware scanning every device on your LAN (including all devices that were ever connected). Anything less than that is a matter for your own judgement based on your knowledge of your network and its devices.
     
  5. Pabla

    Yes, that's what I thought! I never played around with the firewall because, like you said, it's the most fundamental method of protection. Will factory restore today and scan my devices. Is turning NFS back on going to make me vulnerable again?
     
  6. ColinTaylor

    I expect you forgot you did it somewhen whilst experimenting. For example, in this post you said "have turned off IPV6 firewall".

    Not if the firewall is enabled.
     
  7. Greg72

    Greg72 Regular Contributor

    Joined:
    Sep 24, 2019
    Messages:
    180
    Location:
    Central Illinois
    Last edited: Dec 3, 2019
  8. Pabla

    Ha! Very smart of me, didn’t even catch that when I was writing that post. Dug my own grave here, thanks for the help.
     
  9. Pabla

  10. Greg72

    Check to make sure that RPC is disabled on your ac3100 and block UDP 111 on your Virgin Gateway from being accessed from the Internet/WAN.
     
  11. Pabla

    How would I check to see if RPC is turned off? I can’t find it anywhere.
     
  12. ColinTaylor

    There is no need, that is exactly what the firewall does!
     
  13. ColinTaylor

    RPC is part of NFS. (Strictly speaking it's portmapper, not RPC, in this context.)
     
    Last edited: Dec 3, 2019
  14. Greg72

  15. ColinTaylor

    As previously discussed it is not RPC per se that is leaking but the portmapper service associated with the router's NFS feature. When NFS is enabled portmapper binds to all interfaces including the WAN. Enabling the router's firewall (or more to the point, not disabling it as he did!) will stop it being accessible from the internet.
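
An added example, not part of the original thread: Python code that builds the portmapper DUMP query an exposure scan like the one in the ISP report relies on, and parses the reply listing registered services such as NFS and mountd. `check_host` is a hypothetical helper for testing a router you administer from outside the LAN; the sample reply bytes and port numbers are constructed.

```python
import socket
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP = 100000, 2, 4  # portmapper v2, RFC 1833
PROGRAMS = {100000: "portmapper", 100003: "nfs", 100005: "mountd"}
PROTOCOLS = {6: "tcp", 17: "udp"}

def build_dump_call(xid):
    """ONC RPC CALL for PMAPPROC_DUMP with empty AUTH_NONE credential and verifier."""
    return struct.pack(">10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP, 0, 0, 0, 0)

def parse_dump_reply(data, xid):
    """Return [(program, version, protocol, port)]; ValueError on a bad or truncated reply."""
    try:
        rxid, mtype, rstat, _flavor, vlen = struct.unpack_from(">5I", data, 0)
        if (rxid, mtype, rstat) != (xid, 1, 0):  # must be REPLY + MSG_ACCEPTED for our xid
            raise ValueError("not an accepted reply to this call")
        off = 20 + ((vlen + 3) & ~3)  # skip verifier body, XDR-padded to 4 bytes
        if struct.unpack_from(">I", data, off)[0] != 0:  # accept_stat must be SUCCESS
            raise ValueError("call was not successful")
        off += 4
        mappings = []
        while struct.unpack_from(">I", data, off)[0]:  # "another entry follows" flag
            prog, vers, prot, port = struct.unpack_from(">4I", data, off + 4)
            mappings.append((PROGRAMS.get(prog, str(prog)), vers,
                             PROTOCOLS.get(prot, str(prot)), port))
            off += 20
        return mappings
    except struct.error as exc:
        raise ValueError("truncated reply") from exc

def check_host(host, timeout=3.0):
    """Ask UDP/111 on a router you administer; None means nothing answered (filtered)."""
    xid = 0x0BADC0DE
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_dump_call(xid), (host, 111))
            data, _ = sock.recvfrom(65535)
        except OSError:  # timeout or ICMP unreachable
            return None
    return parse_dump_reply(data, xid)

def sample_reply(xid):
    """Constructed reply: portmapper, nfs and mountd registered over UDP."""
    rows = [(100000, 2, 17, 111), (100003, 3, 17, 2049), (100005, 3, 17, 20048)]
    body = b"".join(struct.pack(">5I", 1, *row) for row in rows) + struct.pack(">I", 0)
    return struct.pack(">6I", xid, 1, 0, 0, 0, 0) + body

if __name__ == "__main__":
    print(parse_dump_reply(sample_reply(7), 7))
```

A `None` result when run from outside the LAN is what an enabled firewall should produce; a list containing `nfs` or `mountd` means portmapper is answering on the WAN side.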
     
  16. Pabla

    So I’ll be doing a factory restore right now, going to be running security scans on all possible devices. I should be safe to enable NFS as long as the firewall is on, right?
     
  17. Pabla

    Thanks for the help though, really appreciate it
     
  18. Pabla

    So now I have been able to sit down and properly assess the situation. Could this have anything to do with me VPNing into my network to access my ai-HDD?
     
  19. ColinTaylor

    No.
     
  20. Pabla

    So just a little update. I reached out to my ISP for any further assistance/information and it turns out that it was a mistake on their end and I was NOT hacked. A little inconvenient, but hey at least I realized my firewall was disabled (now it’s not). Thanks for the help once again!