A new DDoS Reflection Attack: Portmapper

Level 3 announced that it has witnessed an alarming trend in both traffic behaviour and DDoS methods following the introduction of a new DDoS vector: Portmapper.

Portmapper (also referred to as rpcbind, portmap, or RPC Portmapper) is a mechanism to which Remote Procedure Call (RPC) services register to allow for calls to be made to the Internet.

The Portmapper vector is the latest method for DDoS reflection attacks, which have caused havoc in the past.

It has already been used in a number of attacks, with the largest impact to organisations taking place over 10 – 12 August.

These attacks targeted only a subset of verticals, primarily focused on gaming, hosting, and Internet infrastructure.

“Level 3’s Threat Research Labs’ goal is for the industry to use this early warning to help stop or slow any future impacts,” the company said.

Full details about the Portmapper DDoS vector are available here.

More on DDoS attacks

Large DDoS attacks often use SYN and UDP vectors

Massive increase in DDoS attacks