Germany BSI abuse message prevention
In case of an Abuse message from BSI (in Germany), the following services must be enabled and disabled:
systemctl disable rpcbind.target systemctl disable rpcbind.socket systemctl disable rpcbind.service systemctl stop rpcbind.target systemctl stop rpcbind.socket systemctl stop rpcbind.service
Verify in 2 ways:
rpcinfo -T udp -p 192.168.45.67 telnet 192.168.45.67 111
Cutting with DROP traffic by Suricata IPS is not sufficient, because not all possible traffic signatures on port 111 are used and in most cases this port can be enumerated.