Great Circle Associates Firewalls
(April 1995) 		 
Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]
Subject: nfs tunnels, how bad?
From: Ed Strong <ems @ CS . Princeton . EDU>
Date: Tue, 11 Apr 1995 12:15:46 -0400
To: firewalls @ greatcircle . com 
A question for the list. We have a request to provide nfs from
an "inside" filesystem to a few hosts outside the firewall. I've told
them this is not a good idea, unfortunately I wasn't able to quantify
exactly how bad this is.

So exactly what can happen? I take the corruption of that exported filesystem
as a given. And using the filehandle trick, other exported filesystems from
that server are accessible. Special files can be written, and trojans can be
planted. (That's enough to discourage ME from trying it.)

However, assuming the firewall prevents outsiders from telnetting to the 
server, are any other, non-exported filesystems directly at risk?

Thank You
Ed
Indexed By Date Previous: Defender
From: Martin Hepworth <max @ airtechsms . co . uk>
Next: Re: Improvements to Scamming and Free Scam Set Reset
From: Christopher Klaus <cklaus @ shadow . net>
Indexed By Thread Previous: Re: Defender
From: "Rommel \"The Desert Fox\"" <rommel @ gabriel . resudox . net>
Next: NAT box makers phone number
From: Brantley Coile <bwc @ translation . com>
Google
 
Search Internet Search www.greatcircle.com