> Yes, if you export to yourself and your nfs isnt set up securely, > then you can call the portmapper command to do the mount call. Thus > , it appears the mount command came from localhost. That gets the > filehandle to the intruder and bingo for him. To take corrective > measures, dont export to yourself and/or turn on priviledge port > checking within nfs. Or do what at least one site I know of does - don't pass NFS packets through the border. The site in question is connected to the net through a box that silently drops NFS packets...so you can (probably) get their file handles this way, but can't do diddly with them once you have them. der Mouse mouse@collatz.mcrcim.mcgill.edu