In message <9404131739.AA26622@snark.imsi.com>, "Perry E. Metzger" writes: > >Secure rpc buys you only a little bit -- it requires a bit of skill >to break it, but it will doubtless be easy to break when someone >posts a cracking script to the net sometime. > Well, this depends on what kind of RPC protection you're using; Un*x is weak (non-existant). However the one based on DES is adequate against the everyday cracker. What it does is: in the NIS (YP) server, a file is kept (/etc/publickey) which contains a secret key...when you login via rlogin/rsh and give a password, the local NFS client generates a temporary secret/public key, while the server does the same. Then the two create temporary random 56-bit keys which they exchange securely (public key cryptography)...then they use DES with the exchanged key as the encryption key...now, DES is considered secure enough for everyday use (keep in mind though that with 1 million $ one can build a machine that "cracks" the DES algorithm FAST...this means you won't keep NSA out :) Also to mention here that the whole protocol uses timestamps, so a replay-attack is not possible The only problems with these are that you have to have SunOS 4.0 and up, and run keyserv on all NFS-using systems. There are a couple of other (minor) problems...read the man pages for those...So, i'd say secure rpc is going to do more than delay the cracker...but if it was IDEA and not DES, i'd be much happier...You might also have problems finding DES if you're out of the US (general comment here). >As for NFS in general, its useless. As soon as you export an NFS >partition to the net (at least if you export it writable), you can >kiss your machine goodbye. Among other nasty tricks, even without the >mountd giving you any informaiton on the host you can just flood the >machine with unlink requests or guess inode generation numbers or >other such things. NFS is a hunk of junk. Well, this is more or less true...mountd can be circumvented (hope i got this right) and one can send direct rpc/nfs requests to the nfsd...the hard part is actually guessing a valid file handle (32 byte number!). I have read in some documents that regular use of fsirand, a program which supposedly assigns to each file/dir a unique file handle, greatly reduces chances of a wild guess...never used it, never even checked it's existance :) However (personal opinion), i believe that if you set up your exports right and use DES authentication you should be ok...NFS offers much and security considerations should not be a problem, unless you plan on putting top-secret data on the filesystems to be exported...