Portmapper / rpcbind
aka rpcbind, sunrpc
The RPC port mapper on 111 (TCP/UDP). It tells you which RPC services (NFS, NIS, mountd, rusersd…) are registered and on what ports, which makes it the first stop for enumerating Unix RPC. An exposed UDP listener is also usable for amplification.
Ports
| Port | Proto | Notes |
|---|---|---|
| 111 | tcp | portmapper |
| 111 | udp | portmapper (amplification) |
Fingerprint
- rpcinfo -p lists registered RPC programs + ports
- nmap's rpcinfo script lists the registered RPC services
Exploitation primitives
- Enumerate RPC programs → find NFS (mountd), NIS, rusersd, rstatd to attack next
- Discover the dynamic ports those services bind to
- Exposed UDP portmapper is usable for DDoS amplification
Overview
Portmapper on 111 is the directory of RPC services on a Unix host. Query it first — it points you at NFS, NIS and other RPC services worth attacking.
Enumeration
List registered RPC programs:
rpcinfo -p <TARGET>
nmap:
nmap -p111 --script rpcinfo <TARGET>
Then follow the leads (e.g. NFS exports):
showmount -e <TARGET>
Hardening
Firewall 111, restrict rpcbind to trusted hosts, and disable unused RPC services.
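To check the hardening advice above on a host you administer, this added example (not part of the original page) parses `rpcinfo -p` output and marks which registrations to firewall or disable. The function names, the finding labels and the sample output are constructed for illustration; the program numbers are the standard ONC RPC assignments.

```shell
#!/bin/sh
# Added example: audit `rpcinfo -p` output against the hardening advice.
# Reads rpcinfo -p text on stdin, prints one finding per unique registration.
audit_rpcinfo() {
    awk '
    BEGIN {
        # Well-known ONC RPC program numbers for the services the page names.
        risky[100001] = "rstatd";  risky[100002] = "rusersd"
        risky[100003] = "nfs";     risky[100004] = "ypserv (NIS)"
        risky[100005] = "mountd";  risky[100007] = "ypbind (NIS)"
    }
    # Skip the header and malformed lines: program, version, port must be numeric.
    $1 !~ /^[0-9]+$/ || $2 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { next }
    {
        prog = $1; proto = $3; port = $4
        key = prog "/" proto "/" port
        if (seen[key]++) next      # collapse multiple versions of one binding
        if (prog == 100000) {
            if (proto == "udp") print "AMPLIFICATION-RISK portmapper udp/" port
            else print "FIREWALL portmapper " proto "/" port
        } else if (prog in risky) {
            print "REVIEW " risky[prog] " " proto "/" port
        } else {
            name = (NF >= 5) ? $5 : "unknown"
            print "INFO " name " (" prog ") " proto "/" port
        }
    }'
}

# Constructed sample of `rpcinfo -p` output (not captured from a real host).
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100005    1   udp  20048  mountd
    100005    3   udp  20048  mountd
    100003    3   tcp   2049  nfs
    100024    1   tcp  45123  status
EOF
}

# On a host you administer: rpcinfo -p localhost | audit_rpcinfo
sample_rpcinfo | audit_rpcinfo
```

REVIEW lines are the services to disable if unused or restrict to trusted hosts; the dynamic ports shown (mountd here) need their own firewall rules because blocking 111 alone does not close them.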