Received a strange e-mail from my cloud hosting provider (Vultr) today:
Dear Customer,
Recent network security audits have detected some issues on your instances. Please review the following reports and help us to ensure the security of our network:
== Portmapper servers ==
Portmapper is a service usually used with NFS. When this is not properly firewalled, it can be abused to conduct DDOS attacks. We recommend that all portmapper services be behind a firewall, and restricted to only IPs that need to contact them.
For Linux machines, please add firewall rules to block port 111 on both UDP and TCP:
iptables -I INPUT 1 -m tcp -p tcp --dport 111 -j DROP
iptables -I INPUT 1 -m udp -p udp --dport 111 -j DROP
Please see https://blog.cloudflare.com/reflections-on-reflections/ for more information on reflection attacks.
The following IPs have been detected running open portmapper servers:
XXXX - at 2018-04-03 10:23:03
Is this something used by FreePBX? What are your recommendations to correct the issue without breaking anything?