Bugtraq mailing list archives

Re: NFS exporting


From: perry () snark imsi com (Perry E. Metzger)
Date: Thu, 14 Apr 1994 12:35:56 -0400


Rob Quinn says:
People can read and write your disk. In addition, anyone with access
to your network can spoof NFS packets and either interfere with your
view of what's on the disk or with the server's idea of what you are
attempting to write (or read). The latter portion should be obvious --
it's easy to mount an active attack on a udp based protocol.

 A while back I saw some discussion about NFS using tcp instead of udp. Would
this make things any more secure?

It would require more skill, but the basic problem remains exactly the
same. See Steve Bellovin's paper on security problems in the IP suite
for info on hijacking TCP connections. Even if you can't hijack the
TCP session, you can certainly extract interesting data out of it,
like file handles.

Perry


