Bugtraq mailing list archives
Re: Read only devices (Re: BoS: amodload.tar.gz - ...)
From: petroca () acasun eckerd edu (Chris A. Petro)
Date: Sat, 22 Jun 1996 16:48:07 -0400
This opens up new avenues of attack. (the server may now be suseptible to attacks from the inside. ) A attacking system could answer NFS reads with its own data. Not a trivial attack, but I did read about it being done. If the hardened server is serving as a firewall platform it may not be able to trust *either* side.
I have source for something similar that spoofs yp passwd (or any NIS map) entries. Nifty. I'm sure it could be modified quite easily. If anyone is interested, I'll hunt it down and post it (this is bugtraq, after all). I found it on the web somewhere, so it's not like it isn't already available. I haven't tried it, but the author seems quite knowledgable, so I imagine that it works :^) _____________________________________________________________________________ Christopher Petro | -- Tampa Bay Media & Data Services -- 813-547-2278 | * Complete hardware, software and networking solutions, P.O. Box 2178 | including integration of technologies (eg., video or Pinellas Park, FL | telephony and computers) and custom software 34664-2178 | * Professional audio, video and lighting systems
Current thread:
- Read only devices (Re: BoS: amodload.tar.gz - ...) William McVey (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Patrick Ferguson (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Sean Vickery (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Matt Zimmerman (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Sean Vickery (Jun 20)
- <Possible follow-ups>
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Scott J. Kramer (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Brian Tao (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Don Lewis (Jun 20)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Matt Zimmerman (Jun 21)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Christopher Samuel (Jun 21)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Chris A. Petro (Jun 22)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) R.Arnold / Arny (Jun 24)
- Re: Read only devices (Re: BoS: amodload.tar.gz - ...) Patrick Ferguson (Jun 20)