Bugtraq mailing list archives
Re: NFS packet blocking (Was Mouse EXPLOIT info...)
From: rafi () tavor openu ac il (Rafi Sadowsky)
Date: Thu, 19 Jan 1995 20:08:15 +0200 (IST)
On Wed, 18 Jan 1995, Dave Williss wrote:
In previous message, Christopher Klaus said...

Why can't you make mountd on Ultrix 4.X reject mount requests from non-privileged ports? Turning on "nfsportmon" in the kernel doesn't quite do the job properly. Things that make you go hmmm...

Install a good portmapper so that remote hosts can't easily find what port mountd is on. A better solution is to make sure that your routers kill all NFS packets from remote nets.

Any idea what I should block on my router to do this? I have a cisco router if that's any help.

Port 2049 is the NFS port (normally UDP, but the TCP port should be blocked too, as some newer NFS implementations support TCP...). Blocking it at your router should (I think) block all NFS attacks.

Also, does anybody know of a mailing list or FAQ for cisco setup? I find their manuals cryptic.

For a cisco, the following line in an access list should block incoming NFS to class B net 147.233:

    access-list 1<xx> deny udp 0.0.0.0 255.255.255.255 147.233.0.0 0.0.255.255 eq 2049

(One line. This of course does UDP only, and the access list must be 100-199. Of course you would have to allow the connections you do want to allow, as there is an implicit deny all packet at the end of each access list.)

While on the *incoming* port you would have

    int eth <n>
    access-group 1<xx>

(If you have version 10.X you can also block on the outgoing port - RTFM.. :-)

-- David C. Williss #include <standard.disclaimer> Software Engineer -- MicroImages, Inc. dwilliss () microimages com WWW: http://tnt.microimages.com/~dwilliss dwilliss () csealumni unl edu -- PGP Public Key available via finger from: dwilliss () csealumni unl edu --
-- Rafi Sadowsky rafi () tavor openu ac il [postmaster () openu ac il] FAX: +972-3-6460483
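
Added example, not part of the original post: a small Python model of how the access list above is evaluated (wildcard masks, first match wins, implicit deny), showing that the UDP-only line still passes NFS over TCP. The list number 101, the TCP and permit lines, and the sample addresses are constructed for illustration.

```python
import ipaddress

# Constructed ACLs in the thread's syntax. The first has only the UDP deny from
# the post plus a permit; the second adds a TCP twin of the deny line.
ACL_UDP_ONLY = """
access-list 101 deny udp 0.0.0.0 255.255.255.255 147.233.0.0 0.0.255.255 eq 2049
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""
ACL_UDP_TCP = """
access-list 101 deny udp 0.0.0.0 255.255.255.255 147.233.0.0 0.0.255.255 eq 2049
access-list 101 deny tcp 0.0.0.0 255.255.255.255 147.233.0.0 0.0.255.255 eq 2049
access-list 101 permit ip 0.0.0.0 255.255.255.255 0.0.0.0 255.255.255.255
"""

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse(text):
    """Parse 'access-list N action proto src swild dst dwild [eq port]' lines."""
    rules = []
    for line in text.strip().splitlines():
        f = line.split()
        port = int(f[9]) if len(f) > 8 and f[8] == "eq" else None
        rules.append((f[2], f[3], ip(f[4]), ip(f[5]), ip(f[6]), ip(f[7]), port))
    return rules

def wild_match(addr, base, wild):
    # Wildcard mask: 1 bits are "don't care", 0 bits must match exactly.
    care = ~wild & 0xFFFFFFFF
    return (addr & care) == (base & care)

def decide(rules, proto, src, dst, dport):
    """First matching line wins; no match falls through to the implicit deny."""
    for action, rproto, sb, sw, db, dw, port in rules:
        if rproto not in ("ip", proto):
            continue
        if not (wild_match(ip(src), sb, sw) and wild_match(ip(dst), db, dw)):
            continue
        if port is not None and port != dport:
            continue
        return action
    return "deny"  # implicit deny all at the end of every access list

if __name__ == "__main__":
    pkt = ("192.0.2.10", "147.233.5.9", 2049)  # constructed sample packet
    for name, acl in (("udp-only", ACL_UDP_ONLY), ("udp+tcp", ACL_UDP_TCP)):
        for proto in ("udp", "tcp"):
            print(name, proto, decide(parse(acl), proto, *pkt))
```
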