Snail mail letter about portmapper vuln

octomancer
Joining in

Hi all,

I received a letter in the post today about a Portmapper vulnerability on my network.

I have verified that port UDP 111 is open on my external IP. It's a quirk of D-Link routers. I've set up a virtual server on the D-Link to forward UDP port 111 to an IP that is not in use, but the port is still open. It seems D-Links are just crap like this.

The reason I have my VM Hub 3.0 in modem mode and a 15-year-old D-Link plugged into it is, ironically, because I couldn't get the VM Hub to port forward correctly. I'm pretty sure it's not me as I managed to set my D-Link up to do it. And I've set up many, many SOHO routers to port forward in the past. I work in IT in a role that is very adjacent to network engineering, I understand this stuff, but it's not impossible that the VM Hub just confused me and I fat-fingered the config all 7 times I tried to set it up.

That aside, I can't close this port. Do I just have to get into the habit of dropping all communications from VM into the recycling without opening them? And block their emails. Seems like something VM wouldn't want me to do. But I will if they don't let me turn that spam off.

Yours irritatedly,
Rich

9 REPLIES

用心棒
Very Insightful Person

If you continue to receive portmapper vulnerability notifications despite having directed incoming traffic on port 111 to an IP address where it is unserviceable, then you will need to investigate further. Read more here: Open Portmapper Report | The Shadowserver Foundation

-- 
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer and solved, or use Kudos to say thanks

Hi Very Insightful Person,

Thanks for the reply. I have read that page and I ran the "analogous shell command to mimic our portmapper scan" and got this result:

$ rpcinfo -T udp -p <my-external-ip>
<my-external-ip>: RPC: Remote system error - Connection timed out

So, this confirms that there is nothing to see here.

Let's hope that this information reaches VM in a timely fashion.

Thanks again for the reply.

Rich

Hey octomancer, thank you for reaching out and a warm welcome to the community. I am so sorry to hear this.

I have taken a look at our side and I can see the security team sent you a letter and, if you need anything else answering, to ring the number on the letter. Thanks

Matt - Forum Team



Thanks, but there is no phone number on the letter 🙃

Please can you confirm if you've been able to follow any advice or instructions that are itemised on the letter?

Feel free to share a picture of the letter you've received - omitting any personal/sensitive information.

Kindest regards,

David_Bn

ravenstar68
Very Insightful Person

@octomancer I would consider contacting Shadowserver directly to ask if they can do a repeat scan or check their logs to see if there have been any more responses from your IP address.

Ravenstar68

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

I can confirm there is no portmapper vulnerability. Here again is the proof in case you didn't see it the first time:

$ rpcinfo -T udp -p <my-external-ip>
<my-external-ip>: RPC: Remote system error - Connection timed out

This is directly from the Shadowserver page about it. And here is the result of the other command that Shadowserver mentions:

$ showmount -e <my-external-ip>
clnt_create: RPC: Program not registered

There is no portmapper vulnerability on my external IP. My responsibility ends there. I'm not going to do anything else.

Except ignore everything else VM or Shadowserver say about it.

 

No. I'm not going to put any more effort into unscrewing their stupid heads. Their own information proves there is no portmapper vulnerability on my network. If they want to keep self-importantly wagging their finger at me based on incorrect information then they can do it while I ignore them.
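The portmapper DUMP query that `rpcinfo -p` issues, sent over UDP and written out as an added example; it is not part of any post in this thread and not Shadowserver's own tooling. It separates a parsed portmapper reply from a timeout or an ICMP refusal; the function names, the result labels and the placeholder address are assumptions of this example.

```python
import os
import socket
import struct

PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP = 100000, 2, 4  # portmapper v2 (RFC 1833)

def build_dump_call(xid):
    """ONC RPC CALL asking the portmapper for its list of registered services."""
    # xid, msg_type=CALL(0), rpcvers=2, prog, vers, proc, AUTH_NONE cred, AUTH_NONE verifier
    return struct.pack(">10I", xid, 0, 2, PMAP_PROG, PMAP_VERS, PMAPPROC_DUMP, 0, 0, 0, 0)

def parse_dump_reply(data, xid):
    """Return [(program, version, ip_protocol, port), ...] or raise ValueError."""
    try:
        rxid, mtype, reply_stat, _flavor, vlen = struct.unpack_from(">5I", data, 0)
        if rxid != xid or mtype != 1 or reply_stat != 0:  # accepted REPLY to our xid only
            raise ValueError("not an accepted reply to this call")
        off = 20 + ((vlen + 3) & ~3)          # skip verifier body (XDR pads to 4 bytes)
        (accept_stat,) = struct.unpack_from(">I", data, off)
        if accept_stat != 0:
            raise ValueError("call not executed, accept_stat=%d" % accept_stat)
        off += 4
        entries = []
        while struct.unpack_from(">I", data, off)[0]:     # XDR "value follows" flag
            entries.append(struct.unpack_from(">4I", data, off + 4))
            off += 20
        return entries
    except struct.error:
        raise ValueError("truncated or malformed reply")

def probe(host, port=111, timeout=5.0):
    """Classify UDP/111 on a host you operate: exposed, closed, no-reply or other."""
    xid = struct.unpack(">I", os.urandom(4))[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))       # connected socket, so ICMP port-unreachable is reported
        try:
            s.send(build_dump_call(xid))
            data = s.recv(65535)
        except socket.timeout:
            return "no-reply", []     # dropped or filtered: the sender gets nothing back
        except ConnectionRefusedError:
            return "closed", []       # the host answered with ICMP port unreachable
    try:
        return "exposed", parse_dump_reply(data, xid)  # a portmapper answered the query
    except ValueError:
        return "other", []            # something replied, but not with a DUMP result

if __name__ == "__main__":
    print(probe("192.0.2.1", timeout=2.0))  # placeholder (TEST-NET-1); use your own external IP
```

Run it from a connection outside the network being checked, since a query sent from inside the LAN may not take the same path as an external scan.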

octomancer
Joining in

I received another letter today smh.

I can see this is going to happen every week.

In fact, I do need a lot of browns for my compost bin! Keep 'em comin' Virgin 🙂