NetBSD-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: access control for mountd, statd, and lockd?
On Feb 8, 2010, at 1:49 PM, Chuck Swiger wrote:
> On Feb 8, 2010, at 10:37 AM, Steven Bellovin wrote:
>> Yup, though my concerns are broader -- I'd really like to block completely
>> unwanted packets at the IP level, to guard against bugs in the
>> authentication, the crypto, etc. There's a long history of those, too.
>
> Well, yes. Hopefully anyone using NFS has a firewall guarding their Internet
> connections, so completely unwanted packets from the rest of the 'net should
> be filtered there.
Precisely what I'm trying to do, which is why I want known port numbers to
block....
>
> If you are concerned about subnet-local exploit attempts, host-based firewall
> approaches like libwrap or individual IPFW / PF / IPF will do some good, but
> it's really hard to defend against all of the potential attacks and DoS
> conditions if your local network is malicious.
>
> (And that's regrettably true even if you *weren't* trying to do
> filesharing....)
>
> Regards,
> --
> -Chuck
>
>
--Steve Bellovin, http://www.cs.columbia.edu/~smb
- References:
- access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- From: Thor Lancelot Simon
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- From: Thor Lancelot Simon
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- From: Thor Lancelot Simon
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
- Re: access control for mountd, statd, and lockd?
Home |
Main Index |
Thread Index |
Old Index