Xref: utzoo comp.protocols.nfs:213 comp.sys.ibm.pc:29418
Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!tut.cis.ohio-state.edu!ucbvax!decwrl!sgi!vjs@rhyolite.wpd.sgi.com
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Newsgroups: comp.protocols.nfs,comp.sys.ibm.pc
Subject: Re: PCNFS and security
Summary: we live in an aquarium
Message-ID: <33846@sgi.SGI.COM>
Date: 27 May 89 03:23:33 GMT
References: <2373@daimi.dk> <11668@bloom-beacon.MIT.EDU> <578@eagle_snax.UUCP>
Sender: daemon@sgi.SGI.COM
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 37

In article <578@eagle_snax.UUCP>, geoff@hinode.east.sun.com (Geoff Arnold) writes:
>
> ...My understanding of the state of this particular
> art is that the only way to really spoof such schemes is with a combination
> of host impersonation (probably involving gateway subterfuge) and
> messing around with the network time source(s)...

Arp packets are a handy tool for impersonation, at least given the passive
response of standard 4.xBSD network code to the theft of its IP address.

If you use the 4.3BSD timed as a network time source, and unless the timed
code has had substantial changes to make it picky about who it thinks is a
timelord, any machine in the network can change the network time.

I spent a lot of time banging on the BSD timed code, with limited success.
There are seemingly grievous errors in the TSP protocol, beyond the complete
lack of provision for authentication & authorization. One may hope that
someone at Sun is smarter than I.

> [After all's said and done, fixing NFS without doing something
> about the other network services is pretty useless. Anyone with
> a Sniffer(tm) or similar network monitor can snarf up all the
> passwords (s)he wants, assuming that telnet or ftp is being used....]

Agreed. However, there is no need to buy a fancy box if all you want to do
is snarf passwords. If I didn't have access to the snazzy network monitoring
tools on my IRIS workstation, I would use etherfind on the nearest Sun. (Of
course I never have and expect never to abuse the tools that way.) Aren't
there snoopy ethernet products for PC's?

> Geoff Arnold, Internet: garnold@sun.com
> Manager, PC-NFS Engineering UUCP: ....!sun!garnold
> PCDS Group, Sun Microsystems Inc.

Vernon Schryver
Silicon Graphics
vjs@sgi.com