Package: rpcbind
Version: 0.2.1-6+deb8u1
Severity: important

Dear Maintainer,

I'm not sure if this was already reported, as I found a description of the
issue via Google.

Today I noticed unusual traffic from one of my hosts. It was traffic from and
to rpcbind.

So I sniffed the traffic and found it to be V2 Dump and QUIC Calls. A quick
search via Google confirmed that this is a new kind of UDP amplification
attack.

I started looking for a way to configure rpcbind to define which calls I would
expose, or even which calls I would expose to which IP ranges, but found none
at first glance.

So I solved it with iptables at the moment.

Is there a way to mitigate such attacks with the means of rpcbind itself?

-Benoit-

-- System Information:
Debian Release: 8.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages rpcbind depends on:
ii  initscripts  2.88dsf-59
ii  insserv      1.14.0-5
ii  libc6        2.19-18+deb8u4
ii  libtirpc1    0.2.5-1
ii  libwrap0     7.6.q-25
ii  lsb-base     4.1+Debian13+nmu1

rpcbind recommends no packages.

rpcbind suggests no packages.

-- no debconf information
