Bugtraq mailing list archives
CERT, about NFS
From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Wed, 21 Dec 1994 10:32:05 -0500
I just got a CERT advisory about NFS that talks about some fairly obvious (once thought of) dangers of NFS. It advises:
A. Filter packets at your firewall/router.
B. Use a portmapper that disallows proxy access.
C. Check the configuration of the /etc/exports files on your hosts. In particular:
1. Do *not* self-reference an NFS server in its own exports file. 2. Do not allow the exports file to contain a "localhost" entry.
Anyone know why these are recommended? As far as I can see, if your portmapper doesn't do proxy calls and/or you firewall out port 111, and you don't care about local attacks, neither C.1 nor C.2 will buy you anything further. Am I missing something, or are these bits of advice simply there for people who don't do A and B? der Mouse mouse () collatz mcrcim mcgill edu
Current thread:
- CERT, about NFS der Mouse (Dec 21)
- Re: CERT, about NFS John Hawkinson (Dec 21)
- Re: CERT, about NFS Jim Duncan (Dec 21)
- Re: CERT, about NFS Scott Schwartz (Dec 21)
- Bugtraq reorganization notes Kevin at Freeside Support (Dec 21)
- Re: CERT, about NFS Leo Bicknell (Dec 22)
- Re: CERT, about NFS Oliver Friedrichs (Dec 22)
- (fwd) HP-UX 9.x: /usr/lib/expreserve creates files anywhere (fwd) Paul 'Shag' Walmsley (Dec 22)
- Re: CERT, about NFS Chris Ellwood (Dec 22)
- Re: CERT, about NFS Paul 'Shag' Walmsley (Dec 22)
- <Possible follow-ups>
- Re: CERT, about NFS Dave Mitchell (Dec 22)
(Thread continues...)