TCLUG Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [TCLUG:12807] bad day (more details)
On Mon, 24 Jan 2000, Scott wrote:
> > Crap. The machine was running DNS, DHCP, NFS, Sendmail, Apache, Zope, FTP.
> > All the inetd stuff was shut off except for SSH and FTP. Man, now I'm
> > angry. I guess I'm going to have to shift into paranoid mode (plus, it's
> > kind of embarrassing). I realize that I *should* be running SATAN,
>
> I've been told several times that NFS is rather
> insecure, though no one has ever mentioned what exactly the
> problems are with it. Maybe you want to look and see if
> wind0ze boxes support Coda. And what ftp daemon were you
> running? wu-ftp is the default, but some people like
> proftpd, and I know that one had security issue too awhile
> back.
All you have to do is restrict portmap using hosts.allow/deny, and you'll
be set with NFS. Make sure the machines you add access for can be trusted
though. =)
--
Nate Carlson <carlson@real-time.com> | Phone : (612)943-8700
http://www.real-time.com | Fax : (612)943-8500