Port 2049 – NFS (Network File System)

Service: nfsd, rpc.nfsd, mountd

Protocol: TCP/UDP

Port: 2049

Used for: Sharing directories/files over a network (mostly in Unix/Linux environments)

Why It’s Open

NFS allows systems to share files and directories over a network. It’s commonly used in Linux environments, especially for centralized storage or backups.

Common Risks

  • Unauthenticated Access: Misconfigured exports can be mounted without credentials.
  • Data Exposure: Shared directories may include sensitive files.
  • Root Squashing Disabled: With no_root_squash set, root on a remote client is treated as root on the exported files.
  • Linked to RPCbind: Often used together with port 111.


Enumeration & Testing

Check if open

In the commands below, <target> is a placeholder for the host being assessed.

nmap -p 2049 -sV <target>

Mount

showmount -e <target>
mount <target>:/shared /mnt/test
mount -t nfs <target>:/export /mnt

What to Look For

Checkpoint            | What it means
----------------------|-----------------------------------
Public exports        | Anyone can mount shares
No root squashing     | Remote root access possible
Weak filesystem perms | Risk of data tampering or leakage

Known Exploits

  1. CVE-2015-3306: The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write arbitrary files via the SITE CPFR and SITE CPTO commands. This is a flaw in the ProFTPD FTP server, not in NFS itself. (NVD entry)

Mitigation

  • Use no_root_squash only when necessary.
  • Restrict exports to specific IPs or subnets.
  • Mount shares read-only where possible.
  • Avoid exposing NFS to the internet.
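
An added example, not part of the original page: a short Python audit of an /etc/exports file for the checkpoints and mitigations above (exports open to any host, no_root_squash, shares writable by any host). The sample file, addresses and finding strings are constructed; the script assumes the last of two opposing options wins and does not handle quoted paths or line continuations.

```python
import re

# Constructed sample /etc/exports content (not from a real host).
SAMPLE_EXPORTS = """\
# path        client(options)
/srv/backup   10.0.5.12(ro,root_squash)
/srv/home     10.0.5.0/24(rw,sync)
/srv/shared   *(rw,no_root_squash)
/srv/build    10.0.5.20 (rw)
/srv/dist     -ro,no_root_squash 10.0.5.40 10.0.5.41(root_squash)
"""

ENTRY = re.compile(r"^([^\s(]*)(?:\(([^)]*)\))?$")
ANY_HOST = {"", "*", "0.0.0.0/0", "::/0"}

def effective(opts, on, off):
    """Assumption: the last of two opposing options wins; default is `off`."""
    for opt in reversed(opts):
        if opt in (on, off):
            return opt == on
    return False

def audit_exports(text):
    """Return (path, client, finding) tuples for risky export entries."""
    findings = []
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        path, defaults = tokens[0], []
        for token in tokens[1:]:
            if token.startswith("-"):  # "-opt,opt": defaults for later clients
                defaults = token[1:].split(",")
                continue
            match = ENTRY.match(token)
            if not match:
                continue
            client = match.group(1)
            opts = defaults + (match.group(2) or "").split(",")
            who = client or "<any host>"  # "host (rw)" leaves an empty client
            if client in ANY_HOST:
                findings.append((path, who, "mountable by any host"))
                if effective(opts, "rw", "ro"):
                    findings.append((path, who, "writable by any host"))
            if effective(opts, "no_root_squash", "root_squash"):
                findings.append((path, who, "no_root_squash set"))
    return findings

if __name__ == "__main__":
    print(*audit_exports(SAMPLE_EXPORTS), sep="\n")
```

The /srv/build line shows a common mistake: the space before "(rw)" gives 10.0.5.20 the default options and exports the directory read-write to every host.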

Real-World Example

In several ransomware attacks, NFS was used to exfiltrate and encrypt shared files once attackers had internal access to exported directories.

TL;DR

  • Service: Network File System (NFS)
  • Default Port: 2049
  • Risks: Unauthorized file access, data leakage
  • Mitigation: Restrict NFS exports, use firewalls, authenticate clients