DESCRIPTION LAST UPDATED: 2023-12-18
DEFAULT SEVERITY LEVEL: MEDIUM
This report identifies hosts that have the Portmapper service running and accessible on the public Internet.
This service has the potential to be used in amplification attacks by criminals that wish to perform denial of service attacks. For general information on this service, see Wikipedia. See US-CERT Alert TA14-017A) and Level3’s Blog for more.
In addition to being used in denial of service attacks, portmapper can be used to obtain a large amount of information about the target, including the NFS exports that are hosted by that device, if the mountd program is also accessible.
The analogous shell command to mimic our portmapper scan is:
And the analogous shell command that mimics our probe of the mountd program is:
For simplicity, the programs in the output of the portmapper scan are kept numeric, but below is a mapping of common program numbers to names:
Program NumberProgram Name
Severity levels are described here.
For more information on our scanning efforts, check out our Internet scanning summary page..