Subject: Re: NFS and reserved ports
To: Jonathan Stone <jonathan@dsg.stanford.edu>
From: Perry E. Metzger <perry@piermont.com>
List: tech-kern
Date: 03/24/1997 20:41:34
Jonathan Stone writes:
> Perry Metzger writes:
>
> >BTW, I will point out that this still does nothing to defend yourself
> >against guessed NFS file handles with forged addresses on them -- you
> >need fsirand for that.
>
> If you can forge an address that easily, fsirand doesn't help in
> any environment I've ever worked in.
Its pretty trivial to forge addresses.
Not every site filters incoming traffic. Sad but true. Security
systems should be robust in depth.
fsirand is necessary.
I'm really sick of arguing about this. So far as I can tell, the
decision on this has already been made. fsirand is part of what NetBSD
does. Lets drop this.
Perry