Mailinglist Archive: opensuse-security (343 mails)

RE: [suse-security] scans to port 111
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Fri, 13 Jul 2001 11:59:54 +0200 (MEST)
  • Message-id: <XFMail.010713115954.bolo@xxxxxxx>

On 12-Jul-01 Volker Kuhlmann wrote:
>> There are numerous vulnerabilities in rpc services and daemons, such as
>> snmpXdmid, rpc.statd and wu-ftpd, buffer overflows in various services, and
>> so on. Look at Cert's collection of the current cracker/kiddie activity on
>> http://www.cert.org/current/current_activity.html#scans . And keep your
>> system free of rpc.
>
> Let's say I have a home network of 3 computers, which share disks with
> NFS. What's the risk if all NFS-related ports are blocked on the firewall
> to the outside?

Assume some local configuration errors on your firewall and/or buggy system
daemons which may be used to gain r00t on it, and a local network behind this
faulty machine where anything goes NFSwise because of the assumption that,
because the number of nodes in your LAN is very small, you trust your users
more than you would if you'd run a net of 100+ nodes. So there we have all
these NFS shares, lingering around w/o protection in the internal LAN, and a
cracker who just entered your vulnerable firewall...

> There doesn't seem to be much of an alternative to NFS, or is it
> unreasonable to assume the internal net is trustworthy?

To add some statistical data here, 55% of all problems related to computer
fraud, cracking/hacking or simply power problems are caused by human error,
followed by physical security problems (20%) and dishonest/disgruntled
employees/users (9 - 10%) (Source: Computer Security Institute, O'Reilly 2000).
This, added to my personal experience regarding attacks from "trusted"
users, is reason enough to protect valuable resources from internal users as
well, because they're already within the security perimeter and could cause
more trouble (deliberately or not) than anyone coming from outside in the
first place.

I'm still waiting for a *stable* AFS server to be released for Linux, as this
seems to be a promising alternative to nfs. Take a look at
http://www.stacken.htk.se/project/arla/ and
http://www.helpdesk.umd.edu/linux/afs/faq.shtml .

> Volker
>
> --
[...]

---
Boris Lorenz <bolo@xxxxxxx>
System Security Admin *nix - *nux
---
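The unprotected internal NFS shares Boris describes can at least be spotted in the server's export configuration. The following is an added example, not code from this thread or from SUSE: a small Python audit of an /etc/exports file (the sample file is constructed) that flags shares exported to every host, exports that do not squash remote root, and the `insecure` option.

```python
import re

# Constructed sample exports file for this example; not from any real host.
SAMPLE_EXPORTS = """\
# home LAN shares
/home          192.168.1.0/24(rw,sync,root_squash)
/srv/media     *(rw,no_root_squash)
/srv/backup    192.168.1.10(rw,insecure) 192.168.1.11(ro)
/var/export    (rw)
"""

# One client spec: optional host, optional parenthesised option list.
CLIENT_RE = re.compile(r"([^\s(]*)(?:\(([^)]*)\))?")


def parse_exports(text):
    """Return [(path, [(host, set_of_options), ...]), ...]; comments are skipped."""
    shares = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        path, clients = fields[0], []
        for spec in fields[1:]:
            m = CLIENT_RE.fullmatch(spec)
            if m is None:
                continue
            # "(rw)" with no host (or a space before the paren) means every host
            host = m.group(1) or "*"
            opts = {o for o in (m.group(2) or "").split(",") if o}
            clients.append((host, opts))
        shares.append((path, clients))
    return shares


def audit_exports(text):
    """Return (path, host, reason) findings; an empty list means nothing flagged."""
    findings = []
    for path, clients in parse_exports(text):
        if not clients:  # a bare path exports to everyone with default options
            findings.append((path, "*", "no client list: exported to every host"))
        for host, opts in clients:
            if host == "*":
                findings.append((path, host, "exported to every host"))
            if "no_root_squash" in opts:
                findings.append((path, host, "remote root is not squashed"))
            if "insecure" in opts:
                findings.append((path, host, "requests accepted from unprivileged ports"))
    return findings
```

Run `audit_exports(open("/etc/exports").read())` on a real server to list the entries worth tightening; an empty list only means these three checks passed, not that the shares are safe from a host already inside the LAN.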
