Several OnApp Linux templates open a public Portmapper/rpcbind by default. This is a security issue since they can be used for DDoS amplification attacks. More info at https://portmapperscan.shadowserver.org/
We found open Portmapper/rpcbind on UDP port 111 in at least these templates:
Please don't run this service by default in the templates. It would be a good idea to confirm with e.g. nmap that a new template doesn't offer any unnecessary service publicly before publishing the template.
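A pre-publish check in the spirit of the suggestion above, as an added example that is not part of the original post or of OnApp's tooling. Rather than scanning with nmap from outside, it assumes `ss -H -tuln` can be run inside the template, and it flags every listener bound to a non-loopback address that is not on an allowlist. The allowlist (`tcp/22`), the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Listeners permitted on public addresses (assumption: SSH only).
ALLOWED="${ALLOWED:-tcp/22}"

# Constructed sample of `ss -H -tuln` output, not taken from a real template.
SAMPLE='udp   UNCONN 0  0        0.0.0.0:111    0.0.0.0:*
udp   UNCONN 0  0      127.0.0.1:323    0.0.0.0:*
tcp   LISTEN 0  128      0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0  128         [::]:22        [::]:*
udp   UNCONN 0  0           [::]:111       [::]:*
tcp   LISTEN 0  100    127.0.0.1:25     0.0.0.0:*'

# Read ss output on stdin; print proto/port for each listener that is
# bound to a non-loopback address and is not in $ALLOWED.
unexpected_listeners() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 != "tcp" && $1 != "udp" { next }      # skip header or other lines
        {
            port = $5; sub(/.*:/, "", port)       # text after the last colon
            addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
            sub(/%.*/, "", addr)                  # drop %interface suffix
            sub(/^\[/, "", addr); sub(/\]$/, "", addr)
            if (addr ~ /^127\./ || addr == "::1") next
            key = $1 "/" port
            if (!(key in ok) && !(key in seen)) { seen[key] = 1; print key }
        }'
}

# Exit status 0 if the template is clean, 1 otherwise.
check_listeners() {
    found=$(unexpected_listeners)
    [ -z "$found" ] && return 0
    echo "unexpected public listeners:" $found >&2
    return 1
}

# --live audits the running system; otherwise the constructed sample is used.
if [ "${1:-}" = "--live" ]; then
    ss -H -tuln | check_listeners
else
    printf '%s\n' "$SAMPLE" | check_listeners || true
fi
```

A check from inside the image only sees what is bound; a firewall in front of the VM can still change what is reachable, so an external scan remains the final confirmation.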