PROTOCOL-RPC mountd UDP dump request
The RPC service mountd enables clients to connect to networked file
dismounted via UDP.
Denial of network resources to users on the local area network.
This may be an attempt to deny access to network resources from an
unauthorized source. It may also be indicative of an attacker probing
for RPC services on a host in an attempt to discover a possible entry
point to network resources via a vulnerable daemon.
- All systems allowing network shares to be unmounted by anonymous hosts,
- all systems allowing RPC services to be stopped by ordinary users and
- systems already compromised by an attacker via another vulnerability.
Ease of attack
When allowing hosts to mount an external network share, consider using a
Do not allow shares to be unmounted by unauthorized hosts or users.
RPC services should not be available outside the local area network,
filter RPC ports at the firewall to ensure access is denied to RPC
RPC services should also be disabled where not needed.
- Cisco Talos
- Brian Caswell
- Nigel Houghton