GEN:SID 1:2018
Message RPC mountd TCP dump request
Summary This event is generated when a request is made to list remotely mounted Network File System (NFS) directories.
Impact Information disclosure.  This can allow an attacker to discover NFS file systems that have been mounted.
Detailed Information The mountd Remote Procedure Call (RPC) implements the NFS mount protocol.  When an NFS client requests a mount of an NFS file system, mountd examines the list of exported file systems.  If the NFS client is permitted access to the requested file system, mountd returns a file handle for the requested directory.  An attacker or legitimate NFS client may request a list of mounted file systems.
Affected Systems All systems running NFS.
Attack Scenarios An attacker may attempt to list the mounted NFS file systems as a precursor to mounting them to read or change a specific file.
Ease of Attack Simple.  
Corrective Action Limit remote access to RPC services.

Filter RPC ports at the firewall to ensure access is denied to RPC-enabled machines.

Disable unneeded RPC services.
Additional References