
 compromised server ?, DDoS attack reported by Google (2 Replies, Read 3880 times)
advancetech
Group: Member
Post Group: Newbie
Posts: 8
Status:
Hello,

I received the following notification from Google:
Quote
We observed machines under your control participating in a DDoS attack targeting Google IPs.

The attack was a UDP amplification attack. In this attack, a UDP-based service is abused to attack others, wasting your bandwidth and computing resources. For more information about this style of attack, see https://www.us-cert.gov/ncas/alerts/TA14-017A

The participating IPs under your control are listed below, along with the port number abused, the start and stop times in UTC, and the approximate amount of data sent during that time.

Note that this is simply a misconfigured server, not an abusive customer or a compromised machine.


There are no customizations in Virtualizor. Just default settings.
I don't know where to start the troubleshooting of our server.

Any suggestions?


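The notice only says that some UDP service on the host answered a spoofed request; it does not say which one. The place to start is therefore an inventory of UDP sockets bound to a public or wildcard address, checked against the ports commonly used as reflectors. The script below is an added example for this thread, not code from the post or from Virtualizor. It parses `ss -Hlunp` output (iproute2), so it runs on a CentOS 7 host as-is; the port list is an assumption for illustration (rpcbind/portmapper from this thread plus the protocols named in the US-CERT TA14-017A alert the notice links to) and should be extended for your own environment. The sample `ss` output embedded at the bottom is constructed, not captured from the poster's server.

```python
"""Find UDP services bound to all interfaces on ports used for reflection/
amplification DDoS. Added example for this thread, not code from the forum.

The port list is an assumption for illustration: rpcbind/portmapper from this
thread plus protocols named in the US-CERT TA14-017A alert the notice links to.
Extend it for your own environment."""
import subprocess

REFLECTOR_PORTS = {
    111: "portmapper/rpcbind",
    53: "DNS",
    123: "NTP",
    161: "SNMP",
    137: "NetBIOS name service",
    1900: "SSDP",
    19: "CharGEN",
    17: "QOTD",
}
WILDCARD_ADDRS = {"0.0.0.0", "*", "[::]", "::"}


def is_loopback(addr):
    """True for 127.x.x.x and ::1 (ss prints '[::1]' and may add a '%scope')."""
    bare = addr.strip("[]").split("%")[0]
    return bare.startswith("127.") or bare == "::1"


def parse_ss_line(line):
    """Parse one line of `ss -Hlunp` output into (local_addr, port, process)
    or None for lines that are not a listening UDP socket."""
    parts = line.split()
    if len(parts) < 5 or parts[0] != "UNCONN":
        return None
    addr, _, port = parts[3].rpartition(":")     # rpartition: IPv6 addrs contain ':'
    if not port.isdigit():
        return None
    process = next((p for p in parts[5:] if p.startswith("users:")), "")
    return addr, int(port), process


def exposed_reflectors(ss_output):
    """Sockets on a reflector port that are reachable from outside: bound to a
    wildcard address or to a non-loopback address. Returns sorted findings."""
    findings = []
    for line in ss_output.splitlines():
        parsed = parse_ss_line(line)
        if parsed is None:
            continue
        addr, port, process = parsed
        if port not in REFLECTOR_PORTS:
            continue
        if addr in WILDCARD_ADDRS or not is_loopback(addr):
            findings.append((port, REFLECTOR_PORTS[port], addr, process))
    return sorted(findings)


def audit_live_host():
    """Run the check on this host. Needs iproute2's ss; -p needs root for PIDs."""
    out = subprocess.run(["ss", "-Hlunp"], capture_output=True, text=True,
                         check=True).stdout
    return exposed_reflectors(out)


# Constructed sample output (not captured from the poster's server) showing a
# typical CentOS 7 host with rpcbind and ntpd listening on all interfaces.
SAMPLE_SS_OUTPUT = """\
UNCONN 0 0 0.0.0.0:111 0.0.0.0:* users:(("rpcbind",pid=812,fd=5))
UNCONN 0 0 127.0.0.1:323 0.0.0.0:* users:(("chronyd",pid=701,fd=5))
UNCONN 0 0 0.0.0.0:123 0.0.0.0:* users:(("ntpd",pid=702,fd=16))
UNCONN 0 0 127.0.0.1:53 0.0.0.0:* users:(("dnsmasq",pid=650,fd=4))
UNCONN 0 0 [::]:111 [::]:* users:(("rpcbind",pid=812,fd=7))
UNCONN 0 0 [::1]:323 [::]:* users:(("chronyd",pid=701,fd=6))
"""

if __name__ == "__main__":
    # Replace SAMPLE_SS_OUTPUT with audit_live_host() to check the local machine.
    for port, name, addr, process in exposed_reflectors(SAMPLE_SS_OUTPUT):
        print("udp/%-5d %-22s bound to %-10s %s" % (port, name, addr, process))
```

On the constructed sample the loopback-only dnsmasq and chronyd sockets are ignored and the three wildcard-bound sockets (rpcbind on v4 and v6, ntpd) are reported. The listed ports are only a starting point; any UDP service whose reply is larger than its request can be reflected, so treat the full `ss -lun` output as the thing to review.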

compromised server ?
advancetech
Group: Member
Post Group: Newbie
Posts: 8
Status:
I found this article about RPCbind vulnerability:
Quote
disable rpcbind/rpc/portmapper service on centos 7 server
Lately I received an email from "German Federal office for information security (BSI)" informing me about an open port which included this
=================
> the Portmapper service (portmap, rpcbind) is required for mapping RPC
> requests to a network service. The Portmapper service is needed e.g.
> for mounting network shares using the Network File System (NFS).
> The Portmapper service runs on port 111 tcp/udp.
>
> In addition to being abused for DDoS reflection attacks, the
> Portmapper service can be used by attackers to obtain information
> on the target network like available RPC services or network shares.
================
so I checked and got this
------------------
[]# rpcinfo
  program version netid    address                service    owner
    100000    4    tcp6      ::.0.111              portmapper superuser
    100000    3    tcp6      ::.0.111              portmapper superuser
    100000    4    udp6      ::.0.111              portmapper superuser
    100000    3    udp6      ::.0.111              portmapper superuser
    100000    4    tcp      0.0.0.0.0.111          portmapper superuser
    100000    3    tcp      0.0.0.0.0.111          portmapper superuser
    100000    2    tcp      0.0.0.0.0.111          portmapper superuser
    100000    4    udp      0.0.0.0.0.111          portmapper superuser
    100000    3    udp      0.0.0.0.0.111          portmapper superuser
    100000    2    udp      0.0.0.0.0.111          portmapper superuser
    100000    4    local    /var/run/rpcbind.sock  portmapper superuser
    100000    3    local    /var/run/rpcbind.sock  portmapper superuser
-------------------
So here is how I closed that port and disabled rpc service on my centos 7 server
-----------------------------
# yum install rpcbind
# systemctl disable rpcbind
# systemctl disable rpcbind.socket
# systemctl stop rpcbind
# systemctl stop rpcbind.socket
----------------------------
now rpcinfo shows this
----------------------------
[]# rpcinfo
rpcinfo: can't contact rpcbind: RPC: Remote system error - Connection refused
----------------------------
that's it

I hope this will solve the problem

compromised server ?
jevingala
Group: Virtualizor Team
Post Group: Super Member
Posts: 742
Status:
Hi,
Yes, you can try those steps. Let us know if it gives any issues.


-----------------------
Regards,
Virtualizor Team.
http://virtualizor.com/