Re: NFS exporting

smb@research.att.com
Thu, 14 Apr 94 12:46:09 EDT

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Perry E. Metzger: "Re: NFS exporting"
Previous message: Perry E. Metzger: "Re: NFS exporting"
Maybe in reply to: Scott D. Yelich: "NFS exporting"
Next in thread: Perry E. Metzger: "Re: NFS exporting"

	 >People can read and write your disk. In addition, anyone with access
	 >to your network can spoof NFS packets and either interfere with your
	 >view of whats on the disk or with the server's idea of what you are
	 >attempting to write (or read). The latter portion should be obvious -
	-
	 >its easy to mount an active attack on a udp based protocol

	  A while back I saw some discussion about NFS using tcp instead of
	  udp. Would this make things any more secure?

Yes, considerably; it's much harder (though by no means impossible)
to butt in to the middle of a TCP session.

(Advt.)  In our book, Bill Cheswick and I describe a proxy NFS setup,
using TCP, a user-level NFS server, and chroot.  4.4bsd and Sun's NFS
Version 3 support NFS over TCP; Linux has a user-level server.  It's
not hard to put the pieces together to do things that way, but it's
not standard yet.

		--Steve Bellovin

Next message: Perry E. Metzger: "Re: NFS exporting"
Previous message: Perry E. Metzger: "Re: NFS exporting"
Maybe in reply to: Scott D. Yelich: "NFS exporting"
Next in thread: Perry E. Metzger: "Re: NFS exporting"