Portmapper Vulnerability - Virgin Media Security Alert telling me to block port 111 on my router
I keep getting emails (sporadically) from Virgin Media (my ISP) saying 'Your home devices could be at risk'. I have had two such in the last 7 days.
Extracting their key message:
START
Since we last wrote to you we have again been alerted that a device connected to your home network has been identified as having a potential Portmapper vulnerability.
A Portmapper vulnerability is a security issue whereby a 3rd party can use this protocol to gain unauthorised access to your network/devices for malicious purposes. If a 3rd party has access to your network/devices they will be able to perform a Distributed Denial of Service (DDoS) attack.
It is therefore important that you follow the advice in this letter.
What has happened?
We suspect the device may have been misconfigured by you, someone in your household or without your knowledge. If the settings are left unchanged they can be exploited to unwittingly participate in malicious activities, for example a Distributed Denial of Service (DDoS) attack.
Details:
IP: 81.109.90.249
Date: 02 April 2024
How can this issue be resolved?
To fix this problem please visit virginmedia.com/portmapper for guidance on how to secure your network.
END
I use the supplied Virgin Media Hub as a modem and the Deco X20 provides my routing. So effectively the Virgin Media Hub is 'dumb' and the X20 controls my Firewall.
Looking at the VM site about Open Portmapper Vulnerability it says:
START
Portmapper (also known as RPC Bind or RPC Portmap) is a service used by computer systems to assist with networking tasks. Unfortunately, Portmapper currently has a bug that can allow remote third-party attackers to gain unauthorised access and perform Distributed Denial of Service (DDoS) attacks against target machines. A remote attacker can take advantage of this bug by sending a specially crafted request to an affected Portmapper server.
Block external Portmapper traffic
The easiest way to fix an open Portmapper vulnerability is to set your firewall to block UDP port 111.
END
I cannot find any way in the Deco app to look to carry out the blocking as advised by Virgin.
So, three questions:
- Is there a way to block the specific port as advised by Virgin Media?
- If not does it matter?
- Am I protected by my Deco Firewall as a matter of course? That is do I worry or not.
Thanks (in anticipation) for any advice/guidance.