Bugtraq mailing list archives
Re: impossible vs. impractical
From: jon () netsys com (jon)
Date: Sat, 13 May 1995 13:28:29 -0700 (PDT)
difficult in email. ObBug: Many mountd implementations don't care about source routing. Therefore, spoof a mount request from a trusted host, source route it through your local machine, and create a routing entry for the trusted host routed through localhost. When the server replies with the file handle, sniff the handle, and your local system will automatically route the reply into nothingness. Since very few nfsd implementations actually do access control, a filehandle is all you need...
Most of mountd implementations use both tcp and udp packets, and I haven't seen any that'd ignore IP_OPTIONS. Perhaps because it's usually being done on the kernel level. Still, for mountd the use is limited, you can, of course implement a source routed mount request to mountd, using strict routing, and it might be relatively easy to obtain a filehandle, however this will not always give you file access, at times, it gives you read access, at times no access at all. If 2049/udp is filtered in the router, you can still send an "unlink" requests, and cause damage, however you can't retrive data because no reply is sent to you. For a mount client to implement source routed mount requests you'd probably have to rewrite all the RPC libs and replace clnt_create() & clnttcp_create(). j.
Current thread:
- Re: impossible vs. impractical, (continued)
- Re: impossible vs. impractical Perry E. Metzger (May 10)
- and now, back to your regularly scheduled discussion topic... robert owen thomas (May 08)
- Re: impossible vs. impractical Aleph One (May 08)
- R. Thomas's NFS question PETER.T.WHITING () sprint sprint com (May 09)
- Re: R. Thomas's NFS question Marek Michalkiewicz (May 10)
- RE: Anon site needed for FIP[S] PUB 190 Lawrence E. Bassham (May 09)
- unsubscribe bugtraq parkerm@cs49.holloman ParkerM,TSgt,49CS/SCSC (May 09)
- Please, please, _please_ (was Re: impossible vs. impractical) G.J.W. Hagenaars (May 08)
- Re: Please, please, _please_ (was Re: impossible vs. impractical) ATM_Feel_the_Power (May 09)
- Re: impossible vs. impractical John F. Haugh II (May 10)
- Re: impossible vs. impractical jon (May 13)
- Re: impossible vs. impractical Tom Ptacek (May 14)
- Re: impossible vs. impractical jon (May 14)
- Re: impossible vs. impractical Tom Ptacek (May 14)