Skip to Content

Portmapper Unmasked: A Deep Dive into RPC Service Discovery

Portmapper, also known as rpcbind, serves as a mapping service for Remote Procedure Call (RPC) programs.

It acts as a mediator between clients and RPC services, enabling them to locate and connect to each other efficiently.

Portmapper maintains a registry of available RPC services and the ports they are listening on, facilitating dynamic assignment of ports and simplifying the process of connecting clients to the appropriate services.

Dynamic Port Assignment with portmapper

The primary function of Portmapper is to map RPC program numbers to the ports they are running on.

Get Your Free Linux training!

Join our free Linux training and discover the power of open-source technology. Enhance your skills and boost your career! Learn Linux for Free!

When a client wishes to invoke an RPC service, it queries Portmapper to obtain the port number associated with the desired service.

Portmapper responds with the port number, allowing the client to establish a connection and communicate with the RPC service.

This dynamic mapping mechanism eliminates the need for clients to have prior knowledge of the port numbers assigned to specific services, enhancing flexibility and scalability in networked environments.

By providing a centralized registry of available services and their corresponding port numbers, Portmapper simplifies the process of service discovery and connection establishment for clients.

Furthermore, Portmapper facilitates the dynamic allocation of ports, allowing multiple instances of the same service to run concurrently without conflicts.

Security Risks of Portmapper 

While Portmapper offers significant benefits for networked environments, it also poses security risks if not properly configured or protected.

Here are some of the risks associated with Portmapper in Linux systems:

  • Information Disclosure: Portmapper can reveal sensitive information about RPC services running on a system, such as program numbers, versions, and ports. Attackers can exploit this information to target specific services or vulnerabilities.
  • Denial of Service (DoS) Attacks: Portmapper is susceptible to DoS attacks, where attackers flood the service with requests, exhausting system resources and making legitimate services inaccessible.
  • Port Scanning and Enumeration: Attackers often use Portmapper as part of their reconnaissance phase to scan for RPC services on a network. By querying Portmapper, attackers can identify potential targets for further exploitation.

 

Interacting with Portmapper in Linux

To interact with Portmapper and gather information about RPC services, the rpcinfo command is commonly used.

This command displays information about the RPC services available on a system, including their program numbers and versions.

Here’s an example of how to use rpcinfo:

rpcinfo -p [hostname]

Explanation:

  • rpcinfo: This is the command-line utility used for querying information about Remote Procedure Call (RPC) services.
  • -p: This option specifies that we want to query the Portmapper service to list the RPC services registered on the specified host.
  • [hostname]: This is the hostname or IP address of the remote system for which we want to retrieve RPC service information.

Example:

rpcinfo -p 192.168.1.100

Output:

program vers proto port
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper

 

The output of the rpcinfo command displays a list of RPC program numbers, versions, transport protocols, and service names.

In this example, the Portmapper service (portmapper) is shown to be available on both TCP and UDP protocols, with multiple versions (2, 3, and 4) registered on port 111.

To mitigate the risks associated with Portmapper, system administrators should implement access controls, firewall rules, and regular security updates to protect against potential vulnerabilities and attacks.

Additionally, monitoring and logging Portmapper activity can help detect and respond to suspicious behavior in a timely manner.

How to manage portmapper service in Linux

To start, stop, or restart the Portmapper service in Linux, you can use the systemctl command.

Here’s how:

Start Portmapper Service:

sudo systemctl start rpcbind

Stop Portmapper Service:

sudo systemctl stop rpcbind

Restart Portmapper Service:

sudo systemctl restart rpcbind

These commands will allow you to manage the Portmapper service on your Linux system. Make sure to run them with sudo privileges to have the necessary permissions to start, stop, or restart system services.