[OpenAFS] Code to demo NFS/UDP weakness?

Daniel Clark dclark@pobox.com
Wed, 2 Aug 2006 08:22:34 -0400


I'm putting together a "NFSv3 is disgustingly insecure, we should move
to OpenAFS" type presentation for my management [1]. I've found
explanations to be less than completely understood, so I've decided to
put together a demo.

I've already found nfsshell [2], a commonly available user-level
program that among other things allows creation of NFS requests as any
other user on a system.

The most useful article I found on the subject [3] also mentions that
"UDP is also trivial to spoof, making it easy to get around the
host-based access control, which relies on the IP address of the
client." Does anyone know of code that would demo this vulnerability?

[1] NFSv4 isn't an option due to platform support requirements.

[2] Leendert van Doorn's nfsshell
ftp://ftp.cs.vu.nl/pub/leendert/nfsshell.tar.gz

[3] ;LOGIN: February 2005 pg. 17 - Rik Farrow's Musings
http://www.usenix.org/publications/login/2005-02/pdfs/musings.pdf

Thanks,
--
Daniel Clark
dclark@pobox.com
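An added example, not part of the original post and not taken from nfsshell: a decoder for the ONC RPC call header (RFC 5531) that precedes every NFSv3 request. It shows that the AUTH_SYS credential is nothing more than a hostname, uid and gid list supplied by the client, with no secret or signature for the server to check. The datagram in `SAMPLE` is constructed by hand for illustration, and the names `XdrReader` and `parse_call` are this example's own.

```python
import struct

AUTH_SYS = 1   # credential flavor number from RFC 5531
# Constructed sample: an NFSv3 GETATTR call as it would sit in a UDP payload.
SAMPLE = bytes.fromhex(
    "12345678" "00000000" "00000002"              # xid, msg_type=CALL, rpcvers=2
    "000186a3" "00000003" "00000001"              # prog=100003 (NFS), vers=3, proc=1
    "00000001" "00000020" "00000000"              # cred flavor=AUTH_SYS, length=32, stamp
    "00000007" "636c69656e743100"                 # machinename "client1" + 1 pad byte
    "000003e8" "000003e8" "00000001" "000003e8"   # uid=1000, gid=1000, one extra gid
    "00000000" "00000000"                         # verifier: AUTH_NONE, length 0
)

class XdrReader:
    def __init__(self, data):
        self.data, self.pos = data, 0
    def u32(self):
        if self.pos + 4 > len(self.data):
            raise ValueError("truncated XDR integer")
        (value,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return value
    def opaque(self, limit):
        length = self.u32()
        padded = (length + 3) & ~3          # XDR pads to 4-byte multiples
        if length > limit or self.pos + padded > len(self.data):
            raise ValueError("bad XDR opaque length")
        body = self.data[self.pos:self.pos + length]
        self.pos += padded
        return body

def parse_call(datagram):
    r = XdrReader(datagram)
    xid, msg_type, rpcvers, prog, vers, proc = (r.u32() for _ in range(6))
    if msg_type != 0 or rpcvers != 2:
        raise ValueError("not an ONC RPC v2 call")
    flavor = r.u32()
    cred = XdrReader(r.opaque(400))         # credential body is at most 400 bytes
    info = {"prog": prog, "vers": vers, "proc": proc, "flavor": flavor,
            "client_asserted": flavor == AUTH_SYS}   # no secret backs AUTH_SYS
    if flavor == AUTH_SYS:
        cred.u32()                          # stamp: arbitrary client-chosen value
        info["machine"] = cred.opaque(255).decode("ascii", "replace")
        info["uid"], info["gid"] = cred.u32(), cred.u32()
        count = cred.u32()
        if count > 16:
            raise ValueError("too many supplementary gids")
        info["gids"] = [cred.u32() for _ in range(count)]
    return info
```

Running `parse_call` over captured NFS payloads gives an inventory of which exports are still being accessed with client-asserted identities.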