Bugtraq mailing list archives
Re: NFS exporting
From: perry () snark imsi com (Perry E. Metzger)
Date: Thu, 14 Apr 1994 12:35:56 -0400
Rob Quinn says:
People can read and write your disk. In addition, anyone with access to your network can spoof NFS packets and either interfere with your view of whats on the disk or with the server's idea of what you are attempting to write (or read). The latter portion should be obvious -- its easy to mount an active attack on a udp based protocolA while back I saw some discussion about NFS using tcp instead of udp. Would this make things any more secure?
It would require more skill, but the basic problem remains exactly the same. See Steve Bellovin's paper on security problems in the IP suite for info on hijacking TCP connections. Even if you can't hijack the TCP session, you can certainly extract interesting data out of it, like file handles. Perry
Current thread:
- Re: NFS exporting, (continued)
- Re: NFS exporting Aggelos D. Keromitis (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 13)
- Re: NFS exporting Michael Neuman (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Paul Graham (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 15)
- Re: NFS exporting Aggelos D. Keromitis (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Rob Quinn (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Steve Simmons (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)