Re: NFS exporting

perrysnark.imsi.com

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: smbresearch.att.com: "Re: NFS exporting"
• Previous message: *Hobbit*: ""NULL""
• In reply to: Rob Quinn: "Re: NFS exporting"
• Next in thread: Aggelos D. Keromitis: "Re: NFS exporting"

Rob Quinn says:
> >People can read and write your disk. In addition, anyone with access
> >to your network can spoof NFS packets and either interfere with your
> >view of whats on the disk or with the server's idea of what you are
> >attempting to write (or read). The latter portion should be obvious --
> >its easy to mount an active attack on a udp based protocol
> 
>  A while back I saw some discussion about NFS using tcp instead of udp. Would
> this make things any more secure?

It would require more skill, but the basic problem remains exactly the
same. See Steve Bellovin's paper on security problems in the IP suite
for info on hijacking TCP connections. Even if you can't hijack the
TCP session, you can certainly extract interesting data out of it,
like file handles.

Perry

• Next message: smbresearch.att.com: "Re: NFS exporting"
• Previous message: *Hobbit*: ""NULL""
• In reply to: Rob Quinn: "Re: NFS exporting"
• Next in thread: Aggelos D. Keromitis: "Re: NFS exporting"