针对portmap 的DDOS攻击

iptables -I INPUT -p tcp --dport 111 -j DROP
iptables -I INPUT -s 10.171.254.221 -p tcp --dport 111 -j ACCEPT
iptables -I INPUT -s 10.175.197.98 -p tcp --dport 111 -j ACCEPT
iptables -I INPUT -s 115.236.160.xx -p tcp --dport 111 -j ACCEPT

[root@nfs01 ~]# netstat -nap | grep rpcbind 
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      909/rpcbind         
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               909/rpcbind         
udp        0      0 0.0.0.0:656                 0.0.0.0:*                               909/rpcbind         
unix  2      [ ACC ]     STREAM     LISTENING     8778   909/rpcbind         /var/run/rpcbind.sock
unix  2      [ ]         DGRAM                    8786   909/rpcbind 


1. portmap 端口 111 udp/tcp；
2. nfsd 端口 2049 udp/tcp；

[root@nfs01 ~]# cat /etc/services  | grep 2049
nfs             2049/tcp        nfsd shilp      # Network File System
nfs             2049/udp        nfsd shilp      # Network File System
nfs             2049/sctp       nfsd shilp      # Network File System
[root@nfs01 ~]# cat /etc/services  | grep 111
sunrpc          111/tcp         portmapper rpcbind      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper rpcbind      # RPC 4.0 portmapper UDP

[root@nfs01 ~]# netstat -nap | grep 2049
tcp        0      0 0.0.0.0:2049                0.0.0.0:*                   LISTEN      -                   
tcp        0      0 10.171.250.68:2049          10.175.197.98:676           ESTABLISHED -                   
tcp        0      0 10.171.250.68:2049          10.171.254.221:834          ESTABLISHED -                   
udp        0      0 0.0.0.0:2049                0.0.0.0:*                               -                   
[root@nfs01 ~]# cat /etc/exports 
/nfs01 10.171.254.221(rw,sync,no_root_squash)
/nfs01 10.175.197.98(rw,sync,no_root_squash)