Date: Tue, 15 Dec 1998 11:06:57 -0500 (EST)
From: spork <spork@super-g.com>
To: Robert Withrow <witr@rwwa.com>
Cc: Bernd Walter <ticso@cicely.de>, dmlb@ragnet.demon.co.uk, hackers@FreeBSD.ORG
Subject: Re: NFS thoughts
Message-ID: <Pine.BSF.4.00.9812151100500.23031-100000@super-g.inch.com>
In-Reply-To: <199812150156.UAA28685@spooky.rwwa.com>

On Mon, 14 Dec 1998, Robert Withrow wrote:

> ticso@cicely.de said:
> :- Nevertheless the client discards the answers.
>
> As, I'm told, it should.  Otherwise this allows for a
> spoofing attack.  I was told this was a bug in SUN NFS servers,
> returning the wrong IP in a packet.  Also, I thought the
> "noconn" option was the work-around for this problem.

How about this one.  I have two servers with two nics each.  One nic on
each machine has a 'public' IP and the other has a 'private' IP.  All nfs
mounts happen on the private side.  Both machines are nfs servers and
clients.  If I take one out of service, I see these messages from the
portmapper (this is Wietse's portmapper w/ACLs):

Dec 15 10:36:59 newshell portmap[295]: connect from 207.240.xxx.xxx to callit(mountd): request from unauthorized host.

So even though the mount it's trying is on 10.0.0.x, it tries connecting
out the public side...  Any ideas why?

Thanks,

Charles

>
> ---------------------------------------------------------------------
> Robert Withrow, R.W. Withrow Associates, Swampscott MA, witr@rwwa.COM
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message