Re: NFS exporting

Perry E. Metzger (perry@snark.imsi.com)
Wed, 13 Apr 1994 19:29:32 -0400

"Aggelos D. Keromitis" says:
> In message <9404131739.AA26622@snark.imsi.com>, "Perry E. Metzger" writes:
> >Secure rpc buys you only a little bit -- it requires a bit of skill to
> >break it, but it will doubtless be easy to break when someone posts a
> >cracking script to the net sometime.
> >
> Well, this depends on what kind of RPC protection you're using; Un*x is
>  weak (non-existent). However the one based on DES is adequate 
>  against the everyday cracker.

No it is not. The exponential key exchange is completely flawed -- it
can be broken quite easily. See the paper by LaMacchia and Odlyzko. The
key exchange is a complete joke. You never even need to crack the DES
key -- you can simply extract it. As I say, this currently requires
skill, but at some point someone will doubtless post a script to do
that and then it's all pretty much pointless after that.

> >As for NFS in general, its useless. As soon as you export an NFS
> >partition to the net (at least if you export it writable), you can
> >kiss your machine goodbye. Among other nasty tricks, even without the
> >mountd giving you any information on the host you can just flood the
> >machine with unlink requests or guess inode generation numbers or
> >other such things. NFS is a hunk of junk.
> >
> Well, this is more or less true...mountd can be circumvented (hope I got this
>  right) and one can send direct rpc/nfs requests to the nfsd...the hard part
>  is actually guessing a valid file handle (32 byte number!).
>  I have read in some documents that regular use of fsirand, a program which
>  supposedly assigns to each file/dir a unique file handle, greatly reduces
>  chances of a wild guess...

There are techniques you can exploit here that make hijacking an NFS
partition or simply destroying it way too simple.

Perry
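Added example, not part of the original thread: a toy illustration of the point made above, that with a small Diffie-Hellman modulus an eavesdropper who sees both public values can compute one party's private exponent and then derive the shared secret directly, with no need to brute-force the DES key that the secret protects. The prime P and the private exponents here are constructed for the example and are far smaller than any real modulus; LaMacchia and Odlyzko attacked the actual Secure RPC modulus with an index-calculus method, whereas this code uses baby-step giant-step, which costs roughly sqrt(P) steps and only works for toy sizes. The folding of the shared secret into a DES key in Secure RPC is not reproduced.

```python
"""Toy Diffie-Hellman with a small modulus, and the eavesdropper's discrete-log attack.

Constructed example. P is a toy prime chosen for speed; nothing here is the
real Secure RPC modulus or its key-derivation step.
"""
import math

P = 1_000_000_007   # constructed toy prime (about 30 bits; real moduli are much larger)
G = 5               # constructed generator for the toy group


def dh_public(private, p=P, g=G):
    """Party computes its public value g^private mod p and sends it in the clear."""
    return pow(g, private, p)


def dh_shared(their_public, my_private, p=P):
    """Party computes the shared secret (their_public)^my_private mod p."""
    return pow(their_public, my_private, p)


def bsgs_dlog(g, h, p, order=None):
    """Baby-step giant-step: return x with g^x == h (mod p), or None.

    Runs in about sqrt(order) multiplications and sqrt(order) table entries,
    which is why it is only practical against small moduli.
    """
    if order is None:
        order = p - 1
    m = math.isqrt(order) + 1

    # Baby steps: table of g^j for j in [0, m).
    table = {}
    e = 1
    for j in range(m):
        table.setdefault(e, j)
        e = e * g % p

    # Giant steps: check h * g^(-i*m) against the table for i in [0, m).
    factor = pow(g, -m, p)       # modular inverse of g^m (Python 3.8+)
    gamma = h
    for i in range(m):
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * factor % p
    return None


def eavesdropper_recover_shared(pub_a, pub_b, p=P, g=G):
    """Given only the two public values from the wire, recover the shared secret.

    Solve the discrete log for one side's private exponent, then finish the
    exchange exactly as that party would have. The DES key derived from this
    secret is thereby extracted, never cracked.
    """
    a = bsgs_dlog(g, pub_a, p)
    if a is None:
        raise ValueError("pub_a is not a power of g in this group")
    return pow(pub_b, a, p)


if __name__ == "__main__":
    # Constructed private exponents for the two legitimate parties.
    priv_a, priv_b = 123_456_789, 987_654_321
    pub_a, pub_b = dh_public(priv_a), dh_public(priv_b)

    legit = dh_shared(pub_b, priv_a)
    stolen = eavesdropper_recover_shared(pub_a, pub_b)
    print("shared secret (legitimate):", legit)
    print("shared secret (eavesdropper):", stolen)
    print("match:", legit == stolen)
```

The recovered exponent may differ from the original one by a multiple of the order of G, but the resulting shared secret is identical, which is all an attacker needs. Scaling the same attack to a real modulus is a matter of replacing baby-step giant-step with a subexponential discrete-log algorithm, which is what the cited paper did.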