Portmap

Article snapshot taken from Wikipedia with creative commons attribution-sharealike license.

The port mapper (rpc.portmap or just portmap, or rpcbind) is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes that provide other ONC RPC services.

Version 2 of the port mapper protocol maps ONC RPC program number/version number pairs to the network port number for that version of that program. When an ONC RPC server is started, it will tell the port mapper, for each particular program number/version number pair it implements for a particular transport protocol (TCP or UDP), what port number it is using for that particular program number/version number pair on that transport protocol. Clients wishing to make an ONC RPC call to a particular version of a particular ONC RPC service must first contact the port mapper on the server machine to determine the actual TCP or UDP port to use.

Versions 3 and 4 of the protocol, called the rpcbind protocol, map a program number/version number pair, and an indicator that specifies a transport protocol, to a transport-layer endpoint address for that program number/version number pair on that transport protocol.

The port mapper service always uses TCP or UDP port 111; a fixed port is required for it, as a client would not be able to get the port number for the port mapper service from the port mapper itself.

The port mapper must be started before any other RPC servers are started.

The port mapper service first appeared in SunOS 2.0.

Example portmap instance

The following rpcinfo -p output shows the registered programs, their versions, and the ports they use. For example, it shows that NFS is running, both version 2 and 3, and can be reached at TCP port 2049 or UDP port 2049, depending on which transport protocol the client wants to use. It also shows that the mount protocol, both version 1 and 2, is running and can be reached at UDP port 644 or TCP port 645, depending on which transport protocol the client wants to use.

 $ rpcinfo -p 
  program vers proto   port
   100000    2   tcp    111  portmapper
   100000    2   udp    111  portmapper
   100003    2   udp   2049  nfs
   100003    3   udp   2049  nfs
   100003    4   udp   2049  nfs
   100003    2   tcp   2049  nfs
   100003    3   tcp   2049  nfs
   100003    4   tcp   2049  nfs
   100024    1   udp  32770  status
   100021    1   udp  32770  nlockmgr
   100021    3   udp  32770  nlockmgr
   100021    4   udp  32770  nlockmgr
   100024    1   tcp  32769  status
   100021    1   tcp  32769  nlockmgr
   100021    3   tcp  32769  nlockmgr
   100021    4   tcp  32769  nlockmgr
   100005    1   udp    644  mountd
   100005    1   tcp    645  mountd
   100005    2   udp    644  mountd
   100005    2   tcp    645  mountd
   100005    3   udp    644  mountd
   100005    3   tcp    645  mountd

Security concerns

In 2015, the port mapper service was discovered to be used in Distributed Denial of Service (DDoS) attacks and Distributed Reflective Denial of Service (DRDoS) attacks. By using a spoofed port mapper request, an attacker can amplify the traffic sent to a target, because a portmap query returns many times more data than was in the original request.
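
To gauge how much a given host's port mapper would amplify, the following added example (not part of the original article) XDR-encodes a version 2 DUMP call, the procedure rpcinfo -p issues, and the reply a port mapper would return for a given rpcinfo -p table, then compares their sizes. The sample rows are a subset of the listing above, the function names are illustrative, and sizes are RPC payload bytes over UDP, excluding IP and UDP headers.

```python
import struct

# Sample input: a subset of the rpcinfo -p listing shown earlier on this page.
SAMPLE = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    3   udp   2049  nfs
    100003    3   tcp   2049  nfs
    100005    3   udp    644  mountd
    100005    3   tcp    645  mountd
"""

PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP = 100000, 2, 4  # RFC 1833, port mapper v2
IPPROTO = {"tcp": 6, "udp": 17}                     # protocol numbers used in mappings

def parse_rpcinfo(text):
    """Return (prog, vers, prot, port) tuples from rpcinfo -p output."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        # Skip the header row and any transport other than tcp/udp.
        if len(f) >= 4 and f[0].isdigit() and f[2] in IPPROTO:
            rows.append((int(f[0]), int(f[1]), IPPROTO[f[2]], int(f[3])))
    return rows

def dump_call(xid=1):
    """ONC RPC call for PMAPPROC_DUMP with AUTH_NONE credential and verifier."""
    # xid, CALL(0), rpcvers 2, prog, vers, proc, cred flavor/len, verf flavor/len
    return struct.pack(">10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP, 0, 0, 0, 0)

def dump_reply(rows, xid=1):
    """Accepted reply: header, one (TRUE, mapping) item per row, then FALSE."""
    out = struct.pack(">6I", xid, 1, 0, 0, 0, 0)  # REPLY, MSG_ACCEPTED, AUTH_NONE verf, SUCCESS
    for row in rows:
        out += struct.pack(">5I", 1, *row)        # 20 bytes per registered mapping
    return out + struct.pack(">I", 0)             # end of list

def amplification(rows):
    """Reply bytes divided by request bytes for this mapping table."""
    return len(dump_reply(rows)) / len(dump_call())

if __name__ == "__main__":
    table = parse_rpcinfo(SAMPLE)
    print(len(dump_call()), len(dump_reply(table)), round(amplification(table), 2))
```

Because each registered mapping adds 20 bytes to the reply while the call stays at 40 bytes, the ratio grows with the number of RPC services a host registers; the full 22-row listing above yields a 468-byte reply.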
