Subject: Re: restricting NFS (and associated services) to one IP address
To: matthew sporleder <msporleder@gmail.com>
From: Michael van Elst <mlelstv@serpens.de>
List: netbsd-users
Date: 10/10/2006 20:36:56

On Tue, Oct 10, 2006 at 02:29:58PM -0400, matthew sporleder wrote:

> Okay.. I will certainly yield that running an exploitable service on
> the public network would allow some access to the private network.  I
> guess that I was writing from the assumption that you wouldn't be
> doing that sort of thing.

The "exploitable service" doesn't need to run on the public network,
it is sufficient when it is on the private network. And that's why
a service isn't "safe" when you bind its socket to a "private" IP
address.

-- 
                                Michael van Elst
Internet: mlelstv@serpens.de
                                "A potential Snark may lurk in every tree."