which interface: mountd,rpcbind
Sandy Rutherford
sandy at krvarr.bc.ca
Tue Apr 19 11:57:49 PDT 2005
>>>>> On Tue, 19 Apr 2005 17:35:56 +0200,
>>>>> cpghost at cordula.ws said:
> On Mon, Apr 18, 2005 at 09:09:36AM -0400, Lowell Gilbert wrote:
>> "Florian Hengstberger" <e0025265 at student.tuwien.ac.at> writes:
>>
>> > Hi!
>> > I really worry about that it seems (man mountd, man rpcbind)
>> > impossible to specify the interface these daemons bind to.
> I've had exactly the same problem a while ago! The important thing
> here, is that nfsd doesn't bind to INADDR_ANY. The other daemons
> are still potentially vulnerable to other kinds of attacks though,
> but it would be extremely difficult to inject NFS RPCs into this
> system from an external interface.
> I wished rpcbind and mountd (and rpc.lockd and rpc.statd!) could be
> configured to listen on a specific interface. As long as that is not
> implemented, you should really use pf or another packet filter on your
> external interface, to protect NFS.
In addition, tcpwrappers can be used to further protect NFS.
Sandy
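
Added example, not part of the original message: one way to check which of the daemons named in this thread are listening on the wildcard address, and so depend on the packet filter on the external interface. It parses `sockstat -4l` style output; the sample lines are constructed and the function name `wildcard_listeners` is hypothetical.

```python
# Added example: flag NFS-related RPC daemons bound to the wildcard address.
# Assumed input: FreeBSD `sockstat -4l` columns
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS

# Daemons named in the thread.
NFS_DAEMONS = {"rpcbind", "mountd", "nfsd", "rpc.lockd", "rpc.statd"}

# Constructed sample output (not captured from a real host).
SAMPLE = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     rpcbind    412   9  udp4   *:111                 *:*
root     rpcbind    412   11 tcp4   *:111                 *:*
root     mountd     498   4  udp4   *:1023                *:*
root     mountd     498   5  tcp4   *:1023                *:*
root     nfsd       501   3  tcp4   192.168.1.10:2049     *:*
root     rpc.statd  530   4  udp4   *:1011                *:*
root     sshd       610   3  tcp4   *:22                  *:*
"""


def wildcard_listeners(sockstat_text, daemons=NFS_DAEMONS):
    """Return (command, proto, port) for each listed daemon bound to '*'."""
    findings = []
    for line in sockstat_text.splitlines():
        fields = line.split()
        # Skip the header row and anything that is not a full socket line.
        if len(fields) < 7 or fields[0] == "USER":
            continue
        command, proto, local = fields[1], fields[4], fields[5]
        # Split on the last ':' so the address part is kept whole.
        addr, _, port = local.rpartition(":")
        if not port.isdigit():
            continue  # unbound socket shown as '*:*'
        if command in daemons and addr == "*":
            findings.append((command, proto, int(port)))
    return findings


if __name__ == "__main__":
    for command, proto, port in wildcard_listeners(SAMPLE):
        print(f"{command:10} {proto:5} port {port}: bound to all interfaces")
```

In the constructed sample only nfsd is bound to a specific address; rpcbind, mountd and rpc.statd are reported, and their ports are the ones the external-interface filter has to cover.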