Bugtraq mailing list archives
Re: NFS packet blocking (Was Mouse EXPLOIT info...)
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Fri, 20 Jan 1995 14:51:19 -0500
port 2049 is the NFS port ( normally UDP but the TCP port should be blocked too as some newer NFS implementations support TCP ...) blocking it at your router should ( I think ) block all NFS attacks
Not if your portmapper supports PMAPPROC_CALLIT.
Sun's NFS implementation always used TCP as well as UDP
Not the SunOS 4.1.2 machines here, certainly; both rpcinfo -p and netstat list only UDP. Nor has any older version I have any experience with ever supported NFS over TCP.
Blocking tcp/udp 2049 will not prevent *ALL* NFS attacks -- you might still be able to get the fh's through source routed requests to rpc.mountd
Why bother with source routing? If the ports are blocked, source routing won't help; if not, there's no need for it. Unless you want to forge your IP address, which is orthogonal.
UDP doesn't have an IP_OPTIONS, thus doesn't support source routing.)
Um, I strongly suggest you check out things like this with the RFCs before speaking. UDP, like TCP, is built on top of IP, and thus is perfectly capable of using IP options like source routing.
if NFS is filtered at the router, you will be able to send "unlink" requests (using the fh's you have)
Um? If NFS is filtered, how do you propose to get your packets past the filter? Or are you postulating a filtering setup stupid enough to block NFS traffic one way but not the other? der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- Re: NFS packet blocking (Was Mouse EXPLOIT info...), (continued)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Jas (Jan 22)
- NYT Article this morning Rens Troost (Jan 23)
- Re: NYT Article this morning Perry E. Metzger (Jan 23)
- Solaris 2.3 PPP Jake Hill (Jan 24)
- Recent troubles der Mouse (Jan 24)
- Re: NYT Article this morning Jim Duncan (Jan 24)
- the next generation of nuke.c Oliver Friedrichs (Jan 25)
- the next generation of nuke.c Scott D. Yelich (Jan 26)
- IP_FORWARDING re-enabled? pluvius (Jan 26)
- Re: IP_FORWARDING re-enabled? Pete Shipley (Jan 26)