NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: access control for mountd, statd, and lockd?
On Feb 8, 2010, at 10:37 AM, Steven Bellovin wrote:
> Yup, though my concerns are broader -- I'd really like to block completely
> unwanted packets at the IP level, to guard against bugs in the
> authentication, the crypto, etc. There's a long history of those, too.
Well, yes. Hopefully anyone using NFS has a firewall guarding their Internet
connections, so completely unwanted packets from the rest of the 'net should be
filtered there.
If you are concerned about subnet-local exploit attempts, host-based firewall
approaches like libwrap or individual IPFW / PF / IPF will do some good, but
it's really hard to defend against all of the potential attacks and DoS
conditions if your local network is malicious.
(And that's regrettably true even if you *weren't* trying to do filesharing....)
Regards,
--
-Chuck
- References:
- access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- From: Thor Lancelot Simon
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- From: Thor Lancelot Simon
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- From: Thor Lancelot Simon
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
Home |
Main Index |
Thread Index |
Old Index