RPCbind
#1
I am running LibreElec 8.2.5 on a raspberry pi 3b, however I found out that the port 111 is open on this system. This is used by RPCbind, I was wondering if I can remove this program to ensure my system can not be used for DDos attacks.
However I was unable to find if RPCbind is required for any operations within LibreElec. Is there anyone who knows if I can safely remove RPCbind? Or somehow block any IP address which is not from my home network?
Do I need RPCbind in order for the JSON-RPC to work?
Reply
#2
You're talking about the sunrpc portmapper, correct ?

It's required for using sunrpc based services like NFS. If you don't need NFS, you can disable the service entirely.

OTOH, I doubt that portmapper is vulnerable to any DDOS. It's been a while since I last laid my hands on the portmap
code (I don't see any need for any notable changes since decades), but back then portmap did nothing more than
maintain a small map of rpc services and their port numbers on the same host. Updates are only allowed from localhost
(unless configured really badly), remote clients only can only query. The memory and CPU consumption is pretty limited,
so it takes a lot bandwidth to DDOS it, and that would only affect portmap itself and so nfs mount oprations.
Reply
 
Thread Rating:
  • 0 Vote(s) - 0 Average



Logout Mark Read Team Forum Stats Members Help
RPCbind00