From: Steffen Dettmer (steffen_at_dett.de)
Date: Wed Feb 19 2003 - 01:51:57 CST
* Volker Kuhlmann wrote on Wed, Feb 19, 2003 at 10:35 +1300:
> > Is there any alternative to this ?
> NFS is a pain. In theory, you need a packet filter which
> listens in on the portmapper exchange and on the fly opens and
> closes the udp ports actually being used.
Yes, it is... Closing ports on the fly? This results in blocking
unused ports, if I understood correctly. I don't think that this
is so horrible to have unused ports open. Firewalling access
except a few, trusted IPs is not that bad at all, and on the NFS
server and/or the client you could roll out some additional local
rules, but UDP packet source addresses are easy to spoof (or
"set", "spoof" sounds so complicated :)). Some RPC services can
be configured to listen on specified ports, maybe nfsd has
this feature also?
-- This message was generated by machine; it therefore bears neither signature nor seal.
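The approach discussed in this message (leave the RPC ports open but filter them to a few trusted IPs), as an added example that is not part of the original post: it parses `rpcinfo -p` output into per-port iptables rules and lists the registrations on portmapper-assigned ports, whose rules go stale after a restart unless the service is pinned to a fixed port. The sample output, the trusted address (from the 192.0.2.0/24 documentation range) and the choice of iptables are assumptions.

```python
import ipaddress

# Constructed sample of `rpcinfo -p` output (not taken from the thread).
SAMPLE_RPCINFO = """\
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100003    2   udp   2049  nfs
    100003    3   udp   2049  nfs
    100005    1   udp  32770  mountd
    100024    1   udp  32768  status
"""

WELL_KNOWN = {111, 2049}  # conventional portmapper and nfsd ports

def parse_rpcinfo(text):
    """Return a sorted list of unique (proto, port, service) registrations."""
    seen = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows: program vers proto port [service]; skip header and junk.
        if len(fields) < 4 or not fields[0].isdigit() or not fields[3].isdigit():
            continue
        proto, port = fields[2].lower(), int(fields[3])
        if proto not in ("tcp", "udp") or not 0 < port < 65536:
            continue
        service = fields[4] if len(fields) > 4 else "rpc-" + fields[0]
        seen.add((proto, port, service))
    return sorted(seen, key=lambda r: (r[1], r[0]))

def build_rules(registrations, trusted):
    """Emit iptables commands: allow trusted sources per port, then drop the rest."""
    hosts = [str(ipaddress.ip_network(t, strict=False)) for t in trusted]
    rules = []
    for proto, port, _service in registrations:
        for host in hosts:
            rules.append(f"iptables -A INPUT -p {proto} -s {host} --dport {port} -j ACCEPT")
        rules.append(f"iptables -A INPUT -p {proto} --dport {port} -j DROP")
    return rules

def dynamic_ports(registrations):
    """Registrations on ports that may change after a restart unless pinned."""
    return [r for r in registrations if r[1] not in WELL_KNOWN]

if __name__ == "__main__":
    regs = parse_rpcinfo(SAMPLE_RPCINFO)
    print("\n".join(build_rules(regs, ["192.0.2.10"])))
    print("# re-check after restart:", dynamic_ports(regs))
```

As the message points out, these rules match on the source address only, so for the UDP ports they do not stop packets with a forged trusted source.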