Show Table of Contents
5.2. Securing Portmap
portmapservice is a dynamic port assignment daemon for RPC services such as NIS and NFS. It has weak authentication mechanisms and has the ability to assign a wide range of ports for the services it controls. For these reasons, it is difficult to secure.
portmaponly affects NFSv2 and NFSv3 implementations, since NFSv4 no longer requires it. If you plan to implement a NFSv2 or NFSv3 server, then
portmapis required, and the following section applies.
If running RPC services, follow these basic rules.
portmap With TCP Wrappers
It is important to use TCP wrappers to limit which networks or hosts have access to the
portmapservice since it has no built-in form of authentication.
Further, use only IP addresses when limiting access to the service. Avoid using hostnames, as they can be forged via DNS poisoning and other methods.