

Portmapper – A New DDoS Reflection Attack - Sami_Lehtinen
http://blog.level3.com/security/a-new-ddos-reflection-attack-portmapper-an-early-warning-to-the-industry/

======
e40
Can someone ELI5 this?

~~~
t3f
Portmapper, or rpcbind, which provides services typically used in Intranet
services like Unix file sharing, allows for a spoofable requester address in
its UDP connection. This allows an attacker to make a "request" of the service
on behalf of a victim IP. This request with its amplification factor can be
used to DoS the victim IP. Typically one would expect RPC services like this
to be behind a firewall/VPN and not exposed on the Internet. Their second
graph illustrates that very little RPC activity flows over their network
typically, again underscoring that you just don't expect it in the wild.

This is really just a "well it took 30 years to become a problem", and if you
operate a network this is an APB for what is now a less frequently used
service as an attack vector. Also a good warning to admins to check their
firewalls and DMZ hosts...
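
An added example, not part of the thread or the linked article: one way an admin could act on the "check your firewalls and DMZ hosts" advice is to look in border flow logs for internal hosts that answer UDP port 111 to outside addresses. The record layout, the addresses (documentation ranges), the byte counts and the function name are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed flow records (not real traffic): src, sport, dst, dport, proto, bytes
SAMPLE_FLOWS = [
    ("198.51.100.7", 40000, "192.0.2.10", 111, "udp", 68),
    ("192.0.2.10", 111, "198.51.100.7", 40000, "udp", 1240),
    ("198.51.100.7", 40001, "192.0.2.10", 111, "udp", 68),
    ("192.0.2.10", 111, "198.51.100.7", 40001, "udp", 1240),
    ("192.0.2.20", 50000, "192.0.2.10", 111, "udp", 68),    # internal client
    ("192.0.2.10", 111, "192.0.2.20", 50000, "udp", 500),
    ("203.0.113.5", 44444, "192.0.2.30", 111, "udp", 68),   # request never answered
    ("192.0.2.10", 111, "203.0.113.9", 1234, "tcp", 900),   # TCP, out of scope here
]

def exposed_portmappers(flows, internal_cidrs, port=111):
    """Return internal hosts that replied from UDP/<port> to external addresses."""
    nets = [ipaddress.ip_network(c) for c in internal_cidrs]
    def inside(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)
    stats = defaultdict(lambda: {"req": 0, "resp": 0, "peers": set()})
    for src, sport, dst, dport, proto, nbytes in flows:
        if proto != "udp":
            continue
        if dport == port and inside(dst) and not inside(src):
            stats[dst]["req"] += nbytes          # external request reached the host
        elif sport == port and inside(src) and not inside(dst):
            stats[src]["resp"] += nbytes         # host answered an external address
            stats[src]["peers"].add(dst)
    report = {}
    for host, s in stats.items():
        if s["resp"] == 0:
            continue  # requested but silent: filtered, or no rpcbind listening
        ratio = s["resp"] / s["req"] if s["req"] else None  # observed bytes out / in
        report[host] = {"ratio": ratio, "resp_bytes": s["resp"], "peers": sorted(s["peers"])}
    return report

if __name__ == "__main__":
    print(exposed_portmappers(SAMPLE_FLOWS, ["192.0.2.0/24"]))
```

Any host in the report is reachable as a reflector and is a candidate for a firewall rule or for disabling rpcbind; the "peers" it replied to may be spoofed victim addresses rather than the real requesters.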

