Bugtraq mailing list archives
Re: NFS exporting
From: smb () research att com (smb () research att com)
Date: Thu, 14 Apr 94 12:46:09 EDT
>People can read and write your disk. In addition, anyone with access >to your network can spoof NFS packets and either interfere with your >view of whats on the disk or with the server's idea of what you are >attempting to write (or read). The latter portion should be obvious - - >its easy to mount an active attack on a udp based protocol A while back I saw some discussion about NFS using tcp instead of udp. Would this make things any more secure? Yes, considerably; it's much harder (though by no means impossible) to butt in to the middle of a TCP session. (Advt.) In our book, Bill Cheswick and I describe a proxy NFS setup, using TCP, a user-level NFS server, and chroot. 4.4bsd and Sun's NFS Version 3 support NFS over TCP; Linux has a user-level server. It's not hard to put the pieces together to do things that way, but it's not standard yet. --Steve Bellovin
Current thread:
- Re: NFS exporting, (continued)
- Re: NFS exporting Paul Graham (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 15)
- Re: NFS exporting smb () research att com (Apr 13)
- Re: NFS exporting Carl Corey (Apr 13)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Rob Quinn (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)
- Re: NFS exporting Aggelos D. Keromitis (Apr 14)
- Re: NFS exporting Steve Simmons (Apr 14)
- Re: NFS exporting Perry E. Metzger (Apr 14)