Bugtraq mailing list archives
Re: NFS exporting
From: smb () research att com (smb () research att com)
Date: Thu, 14 Apr 94 12:46:09 EDT
>People can read and write your disk. In addition, anyone with access
>to your network can spoof NFS packets and either interfere with your
>view of what's on the disk or with the server's idea of what you are
>attempting to write (or read). The latter portion should be obvious --
>it's easy to mount an active attack on a udp based protocol
A while back I saw some discussion about NFS using tcp instead of
udp. Would this make things any more secure?
Yes, considerably; it's much harder (though by no means impossible)
to butt in to the middle of a TCP session.
(Advt.) In our book, Bill Cheswick and I describe a proxy NFS setup,
using TCP, a user-level NFS server, and chroot. 4.4bsd and Sun's NFS
Version 3 support NFS over TCP; Linux has a user-level server. It's
not hard to put the pieces together to do things that way, but it's
not standard yet.
--Steve Bellovin
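
A check that follows from the reply above, as an added example that is not part of the original post: it reads mount-table text in Linux /proc/mounts format and flags NFS mounts whose transport is UDP. The host names, addresses and sample lines are constructed, and the function names are hypothetical.

```python
# Added example: flag NFS mounts that still use UDP as their transport.
# SAMPLE_MOUNTS is constructed data in /proc/mounts format, not real output.
SAMPLE_MOUNTS = """\
fs1.example.com:/home /home nfs rw,relatime,vers=3,proto=udp,timeo=11,sec=sys,addr=192.0.2.10 0 0
fs2.example.com:/src /src nfs rw,relatime,vers=3,proto=tcp,timeo=600,sec=sys,addr=192.0.2.11 0 0
fs3.example.com:/data /data nfs4 rw,relatime,vers=4.2,proto=tcp6,sec=krb5,addr=2001:db8::5 0 0
/dev/sda1 / ext4 rw,relatime 0 0
"""

NFS_TYPES = {"nfs", "nfs4"}


def parse_options(opt_field):
    """Turn 'rw,proto=tcp,vers=3' into {'rw': None, 'proto': 'tcp', 'vers': '3'}."""
    opts = {}
    for item in opt_field.split(","):
        key, sep, value = item.partition("=")
        opts[key] = value if sep else None
    return opts


def audit_nfs_transport(mounts_text):
    """Return (mountpoint, source, transport, flagged) for every NFS mount."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] not in NFS_TYPES:
            continue  # not a mount-table line, or not an NFS filesystem
        source, mountpoint, _fstype, opt_field = fields[:4]
        opts = parse_options(opt_field)
        # 'proto=' is the usual form; a bare 'udp' or 'tcp' is the older spelling.
        transport = opts.get("proto")
        if not transport:
            transport = "udp" if "udp" in opts else "tcp" if "tcp" in opts else "unknown"
        # Covers 'udp' and 'udp6': connectionless, so forged datagrams need no session state.
        flagged = transport.startswith("udp")
        findings.append((mountpoint, source, transport, flagged))
    return findings


if __name__ == "__main__":
    for mountpoint, source, transport, flagged in audit_nfs_transport(SAMPLE_MOUNTS):
        status = "UDP transport, review" if flagged else "ok"
        print(f"{mountpoint:8} {source:26} proto={transport:6} {status}")
```

On a live Linux host, pass the contents of /proc/mounts to `audit_nfs_transport` instead of the sample text.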
