In response to the news that security researchers have warned about a new DDoS amplification attack threat, which only exists because too many users are failing to follow basic safeguards, I have the below comments from Ofer Gayer, security researcher, Imperva:
“These portmap attacks are not different than other amplification denial of service attacks, all of which abuse legitimate services to magnify the impact of DDoS floods. From a mitigation standpoint, however, the end result is always the same large UDP flood—something that mitigation providers should be equipped to deal with by default. The fact that these specific attacks originate from a rarely-used (111) port makes them even easier to identify.
As always, we advise all sys-admins to carefully manage outside access of their public-facing services, either by filtering their users or by disabling them entirely, if not in use.”