Re: RPC protocol problem?

der Mouse (mouse@Collatz.McRCIM.McGill.EDU)
Wed, 24 Aug 1994 08:59:07 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jonathan M. Bresler: "Re: nfsbug"
Previous message: der Mouse: "Re: flash"
Maybe in reply to: Baba Z Buehler: "RPC protocol problem?"
Next in thread: prince of insufficient light: "Re: RPC protocol problem?"

> Yes, if you export to yourself and your nfs isnt set up securely,
> then you can call the portmapper command to do the mount call.  Thus
> , it appears the mount command came from localhost.  That gets the
> filehandle to the intruder and bingo for him.  To take corrective
> measures, dont export to yourself and/or turn on priviledge port
> checking within nfs.

Or do what at least one site I know of does - don't pass NFS packets
through the border.  The site in question is connected to the net
through a box that silently drops NFS packets...so you can (probably)
get their file handles this way, but can't do diddly with them once you
have them.

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu

Next message: Jonathan M. Bresler: "Re: nfsbug"
Previous message: der Mouse: "Re: flash"
Maybe in reply to: Baba Z Buehler: "RPC protocol problem?"
Next in thread: prince of insufficient light: "Re: RPC protocol problem?"