>> port 2049 is the NFS port ( normally UDP but the TCP port should be
>> blocked too as some newer NFS implementations support TCP ...)
>> blocking it at your router should ( I think ) block all NFS attacks

Not if your portmapper supports PMAPPROC_CALLIT.

> Sun's NFS implementation always used TCP as well as UDP

Not the SunOS 4.1.2 machines here, certainly; both rpcinfo -p and
netstat list only UDP. Nor has any older version I have any experience
with ever supported NFS over TCP.

> Blocking tcp/udp 2049 will not prevent *ALL* NFS attacks -- you might
> still be able to get the fh's through source routed requests to
> rpc.mountd

Why bother with source routing? If the ports are blocked, source
routing won't help; if not, there's no need for it. Unless you want to
forge your IP address, which is orthogonal.

> UDP doesn't have an IP_OPTIONS, thus doesn't support source routing.)

Um, I strongly suggest you check out things like this with the RFCs
before speaking. UDP, like TCP, is built on top of IP, and thus is
perfectly capable of using IP options like source routing.

> if NFS is filtered at the router, you will be able to send "unlink"
> requests (using the fh's you have)

Um? If NFS is filtered, how do you propose to get your packets past
the filter? Or are you postulating a filtering setup stupid enough to
block NFS traffic one way but not the other?

					der Mouse

			    mouse@collatz.mcrcim.mcgill.edu
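Two points in the thread above are easy to check in code: a packet filter has to cover NFS and the portmapper on both TCP and UDP, and a source-route option lives in the IP header, so it can appear on a UDP datagram exactly as on a TCP segment. The following Python is an added example written for this page, not code from the mailing-list post or from any NFS implementation. It parses a minimal IPv4 header including options, reports the transport and destination port, and applies a constructed filter policy (assumed: drop tcp/udp 111 and 2049, drop anything carrying LSRR or SSRR). All packets are constructed inline; the addresses and ports are placeholders.

```python
"""Added example: IPv4 header parsing to show why a filter must cover
both transports for NFS/portmapper, and why source-route options are an
IP-layer matter that UDP datagrams can carry too."""
import struct

IPPROTO_TCP = 6
IPPROTO_UDP = 17
IPOPT_EOL = 0
IPOPT_NOP = 1
IPOPT_LSRR = 131   # loose source and record route (RFC 791)
IPOPT_SSRR = 137   # strict source and record route (RFC 791)

PORT_PORTMAP = 111   # portmapper: PMAPPROC_CALLIT lives here
PORT_NFS = 2049      # NFS, registered over UDP and/or TCP
BLOCKED_PORTS = {PORT_PORTMAP, PORT_NFS}   # assumed policy for this example


def parse_ipv4(packet: bytes) -> dict:
    """Return protocol, addresses, the IP option types present, and the payload."""
    if len(packet) < 20:
        raise ValueError("short packet")
    vihl, _tos, total_len, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = vihl >> 4, (vihl & 0x0F) * 4
    if version != 4 or ihl < 20 or len(packet) < ihl or total_len < ihl:
        raise ValueError("bad IPv4 header")
    opts, option_types, i = packet[20:ihl], [], 0
    while i < len(opts):            # walk the TLV option list
        t = opts[i]
        if t == IPOPT_EOL:
            break
        if t == IPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        option_types.append(t)
        i += length
    return {"proto": proto, "src": ".".join(map(str, src)),
            "dst": ".".join(map(str, dst)), "options": option_types,
            "payload": packet[ihl:total_len]}


def transport_ports(proto: int, payload: bytes):
    """Both TCP and UDP headers begin with (source port, destination port)."""
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(payload) >= 4:
        return struct.unpack("!HH", payload[:4])
    return None


def filter_verdict(packet: bytes) -> str:
    """Apply the assumed policy: drop source-routed packets on any transport,
    and drop tcp/udp traffic to the portmapper or NFS."""
    info = parse_ipv4(packet)
    if IPOPT_LSRR in info["options"] or IPOPT_SSRR in info["options"]:
        return "drop: source-routed"
    ports = transport_ports(info["proto"], info["payload"])
    if ports and ports[1] in BLOCKED_PORTS:
        name = "tcp" if info["proto"] == IPPROTO_TCP else "udp"
        return f"drop: {name}/{ports[1]}"
    return "accept"


# --- constructed packets (not captured traffic) ---------------------------
def build_ipv4(proto: int, src: str, dst: str, payload: bytes, options: bytes = b"") -> bytes:
    if len(options) % 4:                       # options are padded to 32-bit words
        options += b"\x00" * (4 - len(options) % 4)
    ihl = (20 + len(options)) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options) + len(payload),
                      0, 0, 64, proto, 0,
                      bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return hdr + options + payload


def udp_payload(sport: int, dport: int, data: bytes = b"") -> bytes:
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data


def tcp_payload(sport: int, dport: int) -> bytes:
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 0, 0, 0)


# LSRR option: type, length (3 + 4*addresses), pointer, then two hop addresses
LSRR_OPT = bytes([IPOPT_LSRR, 11, 4]) + bytes([10, 0, 0, 1]) + bytes([192, 0, 2, 1])

SAMPLES = {
    "udp to nfs":       build_ipv4(IPPROTO_UDP, "192.0.2.10", "10.0.0.5", udp_payload(40000, PORT_NFS)),
    "tcp to nfs":       build_ipv4(IPPROTO_TCP, "192.0.2.10", "10.0.0.5", tcp_payload(40000, PORT_NFS)),
    "udp source-routed": build_ipv4(IPPROTO_UDP, "192.0.2.10", "10.0.0.5", udp_payload(40000, 8000), LSRR_OPT),
    "udp dns":          build_ipv4(IPPROTO_UDP, "192.0.2.10", "10.0.0.5", udp_payload(40000, 53)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:18s} -> {filter_verdict(pkt)}")
```

The third sample is the one the thread argues about: a plain UDP datagram whose IP header carries an LSRR option. The parser finds the option without looking at the transport at all, which is why a router policy that rejects source-routed packets belongs at the IP layer and is independent of the port filter.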