Any have any idea what this is about? Perhaps someone could respond to
OSUOSL asking about which host/IP is in question?
The second link doesn't actually get to an article.
Thanks,
Alex
-------- Forwarded Message --------
Subject: [support.osuosl.org #29763] projects.osgeo.osuosl.org
portmapper vulnerability
Date: Fri, 29 Sep 2017 11:40:13 -0700
From: Cody Holliday via RT <support@osuosl.org>
Reply-To: support@osuosl.org
CC: sysadmin@osgeo.org, tech@wildintellect.com, rootmail-students@osuosl.org
Here is a little more information on the vulnerability and how to test
if you
are still vulnerable:
Exposed RPC portmapper services are used for amplification
attacks. You can test exposure with the following shell commands:
$ rpcinfo -T udp -p <ipaddress>
$ showmount -e <ipaddress>
* https://www.us-cert.gov/ncas/alerts/TA14-017A
--Cody Holliday
On Thu Sep 28 12:58:08 2017, codysseus wrote:
Hello Alex!
We have a report from NERO that says one of your hosts is running a
vulnerable
portmapper service. Here is the report from NERO:2017-07-24 03:54:21
exports:
protocol: udp
naics: 0
port: 111
programs: 100000 4 111/udp; 100000 3 111/udp; 100000 2 111/udp; 100000
4
111/udp; 100000 3 111/udp; 100000 2 111/udp; 100024 1 52846/udp;
100024 1
55377/udp;
mountd_port:17-07-24 03:54:21--Cody Holliday