[OpenAFS] Code to demo NFS/UDP weakness?

Chris Huebsch chris.huebsch@informatik.tu-chemnitz.de
Wed, 2 Aug 2006 14:38:03 +0200 (CEST)


On Wed, 2 Aug 2006, Daniel Clark wrote:

> The most useful article I found on the subject [3] also mentions that
> "UDP is also trivial to spoof, making it easy to get around the
> host-based access control, which relies on the IP address of the
> client." Does anyone know of code that would demo this vulnerability?

I found an other article:


I think that demonstrating an unlink-operation on an insecure nfs-server
would be really impressing.

Chris Huebsch    www.huebsch-gemacht.de | TU Chemnitz, Informatik, RNVS
GPG-Encrypted mail welcome! ID:7F2B4DBA |   Str. d. Nationen 62, B204
Chemnitzer Linux-Tage 2007, 3.-4. Maerz |       D-09107 Chemnitz
     http://chemnitzer.linux-tage.de/    |      +49 371 531-31118