On Wed, 18 Jan 1995, Dave Williss wrote:

> In previous message, Christopher Klaus said...
> >
> > > Why can't you make mountd on Ultrix 4.X reject mount requests from
> > > non-privileged ports? turning on "nfsportmon" in the kernel doesn't
> > > quite do the job properly. Things that make you go hmmm...
> >
> > Install a good portmapper so that remote hosts can't easily find what port
> > mountd is on. A better solution is to make sure that your routers kill
> > all NFS packets from remote nets.
>
> Any idea what I should block on my router to do this? I have a cisco
> router if that's any help.

port 2049 is the NFS port ( normally UDP but the TCP port should be blocked too
as some newer NFS implementations support TCP ...) blocking it at your router
should ( I think ) block all NFS attacks

> Also, does anybody know of a mailing list or FAQ for cisco setup. I find
> their manuals cryptic.

for a cisco the following line in an access list should block incoming NFS
to class B net 147.233

access-list 1<xx> deny udp 0.0.0.0 255.255.255.255 147.233.0.0 0.0.255.255 eq 2049

(one line - this of course does UDP only & the access list must be 100-199
of course you would have to allow the connections you do want to allow - as
there is an implicit deny all packet at the end of each access list )

while on the *incoming* port you would have

int eth <n>
access-group 1<xx>

(if you have version 10.X you can also block on the outgoing port - RTFM.. :-)

> --
> David C. Williss #include <standard.disclaimer>
> Software Engineer -- MicroImages, Inc. dwilliss@microimages.com
> WWW: http://tnt.microimages.com/~dwilliss dwilliss@csealumni.unl.edu
> -- PGP Public Key available via finger from: dwilliss@csealumni.unl.edu --
> --

Rafi Sadowsky rafi@tavor.openu.ac.il [postmaster@openu.ac.il] FAX: +972-3-6460483
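The following is an added example, not code from the mail above and not Cisco's own software: a small Python evaluator for the subset of extended access-list syntax used in the reply (deny/permit, udp/tcp/ip, address plus wildcard mask, the `any` and `host` shorthands, `eq <port>`), applying first-match-wins and the implicit deny at the end of the list. It lets you check what a given ACL would do to a packet before you put it on a router. The ACL number 101 stands in for the `1<xx>` in the mail, the second line adds the TCP counterpart the reply says should also be blocked, and all packets are constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample ACL shaped like the one in the mail. 101 is a placeholder
# number (extended ACLs are 100-199); the explicit "permit ip any any" at the
# end is needed because every ACL ends with an implicit deny.
SAMPLE_ACL = """\
access-list 101 deny udp 0.0.0.0 255.255.255.255 147.233.0.0 0.0.255.255 eq 2049
access-list 101 deny tcp 0.0.0.0 255.255.255.255 147.233.0.0 0.0.255.255 eq 2049
access-list 101 permit ip any any
"""


def _to_int(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Cisco wildcard semantics: a 0 bit in the wildcard must match, a 1 bit
    is don't-care. 0.0.255.255 therefore means 'anything in that /16'."""
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


@dataclass
class Entry:
    action: str            # "permit" or "deny"
    proto: str             # "ip", "udp" or "tcp"
    src: str
    src_wc: str
    src_port: Optional[int]
    dst: str
    dst_wc: str
    dst_port: Optional[int]


def _take_addr(tok: List[str]) -> Tuple[str, str, List[str]]:
    # "any" == 0.0.0.0 255.255.255.255, "host X" == X 0.0.0.0
    if tok[0] == "any":
        return "0.0.0.0", "255.255.255.255", tok[1:]
    if tok[0] == "host":
        return tok[1], "0.0.0.0", tok[2:]
    return tok[0], tok[1], tok[2:]


def _take_port(tok: List[str]) -> Tuple[Optional[int], List[str]]:
    if tok and tok[0] == "eq":
        return int(tok[1]), tok[2:]
    return None, tok


def parse_acl(text: str) -> Dict[int, List[Entry]]:
    """Parse 'access-list N permit|deny proto src swc [eq p] dst dwc [eq p]'
    lines, grouped by list number in the order they appear."""
    lists: Dict[int, List[Entry]] = {}
    for line in text.splitlines():
        tok = line.split()
        if not tok or tok[0] != "access-list":
            continue
        num, action, proto = int(tok[1]), tok[2], tok[3]
        src, src_wc, rest = _take_addr(tok[4:])
        src_port, rest = _take_port(rest)
        dst, dst_wc, rest = _take_addr(rest)
        dst_port, rest = _take_port(rest)
        lists.setdefault(num, []).append(
            Entry(action, proto, src, src_wc, src_port, dst, dst_wc, dst_port))
    return lists


def evaluate(entries: List[Entry], proto: str, src: str, sport: int,
             dst: str, dport: int) -> str:
    """First matching entry decides; no match means the implicit deny."""
    for e in entries:
        if e.proto != "ip" and e.proto != proto:
            continue
        if not wildcard_match(src, e.src, e.src_wc):
            continue
        if e.src_port is not None and e.src_port != sport:
            continue
        if not wildcard_match(dst, e.dst, e.dst_wc):
            continue
        if e.dst_port is not None and e.dst_port != dport:
            continue
        return e.action
    return "deny"


if __name__ == "__main__":
    acl = parse_acl(SAMPLE_ACL)[101]
    for pkt in [("udp", "10.1.2.3", 1023, "147.233.1.5", 2049),   # NFS in: deny
                ("tcp", "10.1.2.3", 40000, "147.233.1.5", 2049),  # NFS/TCP: deny
                ("udp", "10.1.2.3", 5000, "147.233.1.5", 53),     # DNS in: permit
                ("udp", "10.1.2.3", 5000, "147.234.1.5", 2049)]:  # other net: permit
        print(pkt, "->", evaluate(acl, *pkt))
```

Dropping the final `permit ip any any` line and re-running the DNS packet shows the implicit deny the mail warns about: with nothing left to match, every packet is dropped.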