Subject: Re: restricting NFS (and associated services) to one IP address
To: matthew sporleder <msporleder@gmail.com>
From: Michael van Elst <mlelstv@serpens.de>
List: netbsd-users
Date: 10/10/2006 20:36:56

On Tue, Oct 10, 2006 at 02:29:58PM -0400, matthew sporleder wrote:
> Okay.. I will certainly yield that running an exploitable service on
> the public network would allow some access to the private network. I
> guess that I was writing from the assumption that you wouldn't be
> doing that sort of thing.

The "exploitable service" doesn't need to run on the public network,
it is sufficient when it is on the private network. And that's why
a service isn't "safe" when you bind its socket to a "private" IP
address.

--
Michael van Elst
Internet: mlelstv@serpens.de
"A potential Snark may lurk in every tree."