TCLUG Archive

Re: [TCLUG:12807] bad day (more details)



On Mon, 24 Jan 2000, Scott wrote:
> > Crap. The machine was running DNS, DHCP, NFS, Sendmail, Apache, Zope, FTP.
> > All the inetd stuff was shut off except for SSH and FTP. Man, now I'm
> > angry. I guess I'm going to have to shift into paranoid mode (plus, it's
> > kind of embarrassing). I realize that I *should* be running SATAN,
> 
>      I've been told several times that NFS is rather
> insecure, though no one has ever mentioned what exactly the
> problems are with it.  Maybe you want to look and see if
> wind0ze boxes support Coda.  And what ftp daemon were you
> running?  wu-ftp is the default, but some people like
> proftpd, and I know that one had a security issue too a while
> back.

All you have to do is restrict portmap using hosts.allow/deny, and you'll
be set with NFS. Make sure the machines you add access for can be trusted
though.  =)

-- 
Nate Carlson <carlson@real-time.com>    | Phone : (612)943-8700
http://www.real-time.com                | Fax   : (612)943-8500
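
The hosts.allow/hosts.deny restriction on portmap suggested above, as an added example that is not part of the original message: a simplified Python model of the tcp_wrappers lookup order (IPv4 address patterns only, no EXCEPT or option fields) run against constructed sample files. The subnet, addresses and file contents are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample files (not from the original message).
HOSTS_ALLOW = """\
# trusted NFS clients only; portmap rules should use addresses, not hostnames
portmap: 192.168.1.0/255.255.255.0
sshd: ALL
"""
HOSTS_DENY = """\
portmap: ALL
"""

def rules(text, daemon):
    """Yield client patterns from lines whose daemon list names `daemon` or ALL."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        if {daemon, "ALL"} & set(daemons.replace(",", " ").split()):
            yield from clients.replace(",", " ").split()

def matches(pattern, ip):
    """Match one client pattern against an IPv4 address (subset of hosts_access(5))."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):            # prefix form, e.g. "192.168.1."
        return ip.startswith(pattern)
    if "/" in pattern:                   # net/mask form
        return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
    return pattern == ip                 # exact address

def allowed(ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY, daemon="portmap"):
    """tcp_wrappers order: an allow match grants, then a deny match refuses, else grant."""
    if any(matches(p, ip) for p in rules(allow, daemon)):
        return True
    if any(matches(p, ip) for p in rules(deny, daemon)):
        return False
    return True                          # no match in either file means access is granted

if __name__ == "__main__":
    for ip in ("192.168.1.20", "203.0.113.5"):
        print(ip, "allowed" if allowed(ip) else "denied")
```

Calling `allowed("203.0.113.5", deny="")` returns `True`: the hosts.allow entry only restricts portmap when hosts.deny also carries a matching deny line such as `portmap: ALL`.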