Bugtraq mailing list archives
Re: NFS packet blocking (Was Mouse EXPLOIT info...)
From: casper () fwi uva nl (Casper Dik)
Date: Fri, 20 Jan 1995 16:05:59 +0100
Sun's NFS implementation always used TCP as well as UDP -- a better idea would be to block portmapper (111 udp/tcp) as well as NFS --- but it depends on how paranoid you wish to be.
Sun's NFS implementation has never used TCP, only UDp. Mountd does use TCP.
Blocking tcp/udp 2049 will not prevent *ALL* NFS attacks -- you might still be able to get the fh's through source routed requests to rpc.mountd (which might run on TCP & UDP ports), but it won't give you any access -- you can never retrieve any data, because you can't get a reply send back to you (you'd need to fake the src address to get a reply, but you won't pass the filters if you want the reply.. UDP doesn't have an IP_OPTIONS, thus doesn't support source routing.) if NFS is filtered at the router, you will be able to send "unlink" requests (using the fh's you have) but it will only cause damage, which is still dangerous enough.
Not necessarily. If you block all requests destined for port 2049 in an inbound filter, faked packets won't get through, no matter what the source address is. Casper
Current thread:
- re: WWW Servers Bandwidth flood on Internet Rikhardur Egilsson (Jan 18)
- Re: WWW Servers Bandwidth flood on Internet Casper Dik (Jan 18)
- NFS packet blocking (Was Mouse EXPLOIT info...) Dave Williss (Jan 18)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Rafi Sadowsky (Jan 19)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) jsz (Jan 20)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Darren Reed (Jan 20)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Casper Dik (Jan 20)
- Re: NFS packet blocking (Was Mouse EXPLOIT info...) Rafi Sadowsky (Jan 19)
- <Possible follow-ups>
- Re: WWW Servers Bandwidth flood on Internet der Mouse (Jan 18)
- Re: WWW Servers Bandwidth flood on Internet Casper Dik (Jan 18)