From: "Lazaro Daniel Salem"
Date: Tue, 3 Mar 2009 15:22:44 +0100
Subject: FreeBSD Jumpstart Guide

Hi!

In this very nice article

http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pxe/article.html

it is said:

Warning!!: This procedure will make the "Server" both insecure and dangerous, it is best to just keep the "Server" on its own hub and not in any way accessible by any machines other than the "Clients".

I assume exporting NFS to the whole (sub)network and running tftp makes the system more vulnerable though I am not sure I remember all the details. It would help me to know more specifically what is vulnerable so we can think of measures to make the system configuration less vulnerable when a single hub is not an option.

I am thinking of what can be done on systems like FreeNAS (FreeBSD 6.4 based) now that they have included tftp service as an option.

I thought I could use the scheme described in this document to netboot thin clients from the file server at home... I would appreciate if you could expand specifically on the vulnerabilities so one can think of solutions.

Thanks for this project. Though not that active anymore, I am sold to FreeBSD since 3.x.

Cheers,
Lazaro D. Salem

reply if possible to lazaro.d.salem@gmail.com