Re: IPMasqing NFS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 10 May 2001, Chris Majewski wrote:
>
> I'm at work, I would like to mount home_machine:/var/mp3, so I can
> listen to my mp3's. Not a lofty goal, but would be nice pull off at
> least as proof of principle. If I can do it without compromising the
> security of my home machine, great; if not, that's fine too. If I
> can't do it without compromising the security of my work network,
> that's a showstopper.
are you taking an unnecessary risk? sure. are you compromising security?
dunno. i have a cron job that starts and stops nfs on one of my systems
at specified times. do people try to get in when its running? hell yes.
but tcp wrappers has stopped them every time (fortunately).
it's all a question of the risk you're willing to take. kind of like
running through swamplands. do you think you can make it to the other
side before the alligators come . . .
because mine starts and stops at specified times (it's only open for a
total of 3 hours a day), it's a very small window of opportunity. and, by
using portsentry, hostsentry and logcheck, i can at least see what's going
on when the window is open.
- --
____) ,_)
(-(__ -|- _ _
____) | (/_\/(/_
(
_______________________________________________
| mailto : steve@exitwound.org |
| linux : http://exitwound.org |
| mozart : http://mozart.sourceforge.net |
| buck : http://www.BuckOwensFan.com |
_______________________________________________
| High heels are a device invented by a woman |
| who was tired of being kissed on the |
| forehead. |
_______________________________________________
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE6+uZnr9c0KwefYXMRAmI0AJ9NJOFfnWbnGMpI+0arnpIlGZCokgCfYrOu
3xH0hGd4SGHc9+G2/IuDFmY=
=fUeQ
-----END PGP SIGNATURE-----
Reply to: