Germany BSI abuse message prevention
In case of an Abuse message from BSI (in Germany), the following services must be enabled and disabled:
systemctl disable rpcbind.target
systemctl disable rpcbind.socket
systemctl disable rpcbind.service
systemctl stop rpcbind.target
systemctl stop rpcbind.socket
systemctl stop rpcbind.service
Verify in 2 ways:
rpcinfo -T udp -p 192.168.45.67
telnet 192.168.45.67 111
Cutting with DROP traffic by Suricata IPS is not sufficient, because not all possible traffic signatures on port 111 are used and in most cases this port can be enumerated.