Guide to Portmapper Amplification Issues

What is Portmapper? The port mapper (rpc.portmap or just portmap, or rpcbind) is an Open Network Computing Remote Procedure Call (ONC RPC) service that runs on network nodes providing other ONC RPC services. A host may connect to a server that supports the Portmapper Protocol on either Transmission Control Protocol (TCP) or User Datagram Protocol […]

Read more →

Guide to Microsoft Active Directory rootDSE/C-LDAP security issues

What is C-LDAP in Microsoft Active Directory services? Active Directory (AD) is a directory service developed by Microsoft. Active Directory services include AD Certificate Services, AD Domain Services, AD Federation Services, AD Lightweight Directory Services, and AD Rights Management Services. A server running Active Directory Domain Services (AD DS) is called a domain controller. Among […]

Read more →

Securing Windows SMB and NetBios/NetBT Services

What is the Windows SMB service? The Server Message Block (SMB) Protocol is a network file sharing protocol running on port 445. It is implemented in Microsoft Windows Server as the Microsoft SMB service. Microsoft SMB Protocol is installed by default in Microsoft Windows Server. SMBv2 protocol was introduced in Windows Vista and Windows Server […]

Read more →

Securing your Memcached Server

Vulnerability Description By default memcached is available to the world on UDP and TCP port 11211. Among other utilities it may be possible to use something as simple as telnet to connect to memcached and issue a ‘stat’ command to obtain information about the service itself or other commands to retrieve the data that is […]

Read more →