针对portmap 的DDOS攻击

iptables -I INPUT -p tcp --dport 111 -j DROP
iptables -I INPUT -s 10.171.254.221 -p tcp --dport 111 -j ACCEPT
iptables -I INPUT -s 10.175.197.98 -p tcp --dport 111 -j ACCEPT
iptables -I INPUT -s 115.236.160.xx -p tcp --dport 111 -j ACCEPT

说明：每条 `-I INPUT` 都插入到链的最前面，因此最终顺序是三条 ACCEPT 在前、DROP 在后，白名单先于拒绝规则生效。注意这几条规则只匹配 `-p tcp`；下面 netstat 输出显示 rpcbind 同样监听 udp 111，如需限制 udp 111 也需要对应的 `-p udp` 规则。

[root@nfs01 ~]# netstat -nap | grep rpcbind
tcp        0      0 0.0.0.0:111                 0.0.0.0:*                   LISTEN      909/rpcbind
udp        0      0 0.0.0.0:111                 0.0.0.0:*                               909/rpcbind
udp        0      0 0.0.0.0:656                 0.0.0.0:*                               909/rpcbind
unix  2      [ ACC ]     STREAM     LISTENING     8778   909/rpcbind         /var/run/rpcbind.sock
unix  2      [ ]         DGRAM                    8786   909/rpcbind

1. portmap 端口 111 udp/tcp;
2. nfsd 端口 2049 udp/tcp;

[root@nfs01 ~]# cat /etc/services  | grep 2049
nfs             2049/tcp        nfsd shilp      # Network File System
nfs             2049/udp        nfsd shilp      # Network File System
nfs             2049/sctp       nfsd shilp      # Network File System

[root@nfs01 ~]# cat /etc/services  | grep 111
sunrpc          111/tcp         portmapper rpcbind      # RPC 4.0 portmapper TCP
sunrpc          111/udp         portmapper rpcbind      # RPC 4.0 portmapper UDP

[root@nfs01 ~]# netstat -nap | grep 2049
tcp        0      0 0.0.0.0:2049                0.0.0.0:*                   LISTEN      -
tcp        0      0 10.171.250.68:2049          10.175.197.98:676           ESTABLISHED -
tcp        0      0 10.171.250.68:2049          10.171.254.221:834          ESTABLISHED -
udp        0      0 0.0.0.0:2049                0.0.0.0:*                               -

[root@nfs01 ~]# cat /etc/exports
/nfs01 10.171.254.221(rw,sync,no_root_squash)
/nfs01 10.175.197.98(rw,sync,no_root_squash)

                                             