Internet-Security.com TCP port 111 details

TCP port 111 is used by the Sun/ONC RPC portmapper service (rpcbind/portmap), which maps RPC program numbers to service ports.
It is actively used by NFSv2/v3 on Unix-like systems to help clients discover daemons like mountd, rpc.statd, rquotad, and sometimes lockd; NFSv4 typically doesn’t require it.
Real implementations include rpcbind on Linux (RHEL, Ubuntu, Debian), Solaris, AIX, FreeBSD, and macOS when running the NFS server.
Storage appliances such as NetApp ONTAP, Dell EMC Isilon/PowerScale, Synology, and QNAP expose port 111 when NFS is enabled.
Legacy RPC-based services like NIS/YP (ypserv, yppasswdd) and Solaris sadmind also register via port 111.
Example: An NFS server on RHEL exposes rpcbind on TCP/UDP 111 so clients can obtain ports for nfsd/mountd; NetApp filers do the same for NFS exports.
Security note: Port 111 is frequently targeted to enumerate RPC services and has been used to exploit vulnerable RPC daemons (e.g., rpc.statd, mountd, sadmind) or misconfigured NFS exports.

TCP 111