NOTICE: ITS blocking portmap with UDP/111

This message is intended for U-M IT staff who use portmap with the UDP/111 protocol or who support others at the university who use it.

Hello U-M IT staff,
To stop ongoing attacks that make use of university systems using portmap with User Datagram Protocol (UDP/111), ITS implemented blocking of the UDP/111 protocol at the campus network's border with the Internet earlier today. We are not aware of any use of this protocol for U-M systems and services but wanted to let you know about the blocking in case you or the people you work with do use it.

Portmap is used by Network File System (NFS), but it is most frequently used with the Transmission Control Protocol (TCP). People who use portmap with UDP for NFS with an on-campus server and an off-campus client may see:

• Slowness of NFS mounting (due to time outs attempting to use Remote Procedure Call (RPC) services such as lockd).
• Inability to mount NFS shares.

If you experience these problems, you can either switch to use of TCP or contact the ITS Service Center to request an exception to the blocking for specific systems or services.

Regards,
—ITS Information and Infrastructure Assurance

References

• A New DDoS Reflection Attack: Portmapper; An Early Warning to the Industry (Level 3 Threat Research Labs)
• Alert (TA14-017A): UDP-Based Amplification Attacks (US- CERT)

For Assistance or Questions
Contact the ITS Service Center:
M-Th, 7 a.m.-7 p.m.; F, 7 a.m.–6 p.m.; Sun, 2-7 p.m.

• Submit a Service Request Online
• 734-764-HELP (764-4357)
• [email protected]
• http://its.umich.edu/help