From: Noveck, Dave (Dave.Noveck@netapp.com)
Date: 11/26/02-11:45:53 AM Z
Message-ID: <C8CF60CFC4D8A74E9945E32CF096548A07296B@SILVER.nane.netapp.com>
From: "Noveck, Dave" <Dave.Noveck@netapp.com>
Subject: RE: heads up - NetApp, NFSv4, and UDP
Date: Tue, 26 Nov 2002 09:45:53 -0800

Trond wrote:

> >>>>> " " == RJ Atkinson <rja@extremenetworks.com> writes:
>
> > If someone modifying your TCP/IP stack is really your threat
> > model, then you probably should not use NFS at all, because there are
> > N other serious security problems that (timeout + retry) cannot
> > fix.
>
> That's why we've added data integrity + data privacy into the security
> model.
>
> However those apply at the RPC level, *not* at the TCP level. People
> can spoof ACKs back to the client, but they're not supposed to be able
> to spoof RPC requests or replies.

I just can't see any situation in which a denial-of-service attack (which I think is what we are talking about here) would be prevented by this approach of very slow request retry, and on TCP, if we allowed retries, they would be very slow, so slow that NFS service would essentially be denied. So after waiting some number of *seconds* you re-issue your request and for some reason the ACK spoofer misses it and you manage to get your request over, some of the time. I consider that a situation in which the denial-of-service attack has succeeded, just as it would have if you didn't retry.
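The argument above can be put in numbers. The following is an added example, not code from the thread or from any NFS implementation: it models a client whose RPC attempts are each independently suppressed on path with probability p_suppress, and which retries after a fixed timeout (optionally with multiplicative backoff). The 60-second timeout, the two-minute deadline and the suppression probabilities are constructed values for illustration, not measured NFS defaults. It computes the exact fraction of RPCs answered by a deadline and the mean wait for a client that retries forever, which is what "you get your request over, some of the time" looks like as a service level.

```python
"""Service-level model for an RPC client whose requests are suppressed on path.

Constructed model, not NFS code: each attempt is independently lost with
probability p_suppress; the client waits `timeout` seconds, then retries with
the timeout multiplied by `backoff`.  The RTT of a successful attempt is ignored.
"""
import random


def attempt_start_times(timeout, backoff=1.0, max_retries=10):
    """Seconds at which attempts 0..max_retries are sent: 0, T, T + b*T, ..."""
    times, elapsed, wait = [], 0.0, float(timeout)
    for _ in range(max_retries + 1):
        times.append(elapsed)
        elapsed += wait
        wait *= backoff
    return times


def fraction_served_by(deadline, p_suppress, timeout, backoff=1.0, max_retries=10):
    """Exact probability that an RPC is answered no later than `deadline`.

    Only attempts sent at or before the deadline can succeed, and each one is
    lost independently with probability p_suppress, so P(success) = 1 - p**k
    where k is the number of attempts sent by the deadline.
    """
    k = sum(1 for s in attempt_start_times(timeout, backoff, max_retries) if s <= deadline)
    return 1.0 - p_suppress ** k


def expected_latency(p_suppress, timeout):
    """Mean wait for a fixed-timeout client that retries forever.

    The number of lost attempts before the first success is geometric, with
    mean p/(1-p); each lost attempt costs one full timeout.
    """
    if p_suppress >= 1.0:
        return float("inf")
    return timeout * p_suppress / (1.0 - p_suppress)


def simulate_rpc(p_suppress, timeout, backoff=1.0, max_retries=10, rng=random):
    """One RPC under the model: completion time in seconds, or None if abandoned."""
    wait, elapsed = float(timeout), 0.0
    for _ in range(max_retries + 1):
        if rng.random() >= p_suppress:      # this attempt got through
            return elapsed
        elapsed += wait                     # waited out the timeout, retry
        wait *= backoff
    return None


def main():
    # Constructed scenario: 60 s RPC timeout (assumed, not a measured NFS
    # default) and a two-minute deadline per operation.
    timeout, deadline = 60.0, 120.0
    for p in (0.1, 0.5, 0.9):
        served = fraction_served_by(deadline, p, timeout)
        print(f"p_suppress={p:.1f}: {served:.1%} of RPCs done within {deadline:.0f}s, "
              f"mean wait {expected_latency(p, timeout):.0f}s")
    rng = random.Random(1)
    results = [simulate_rpc(0.5, timeout, rng=rng) for _ in range(1000)]
    abandoned = sum(1 for t in results if t is None)
    print(f"Monte Carlo, p=0.5: {abandoned} of 1000 RPCs abandoned after 10 retries")


if __name__ == "__main__":
    main()
```

With a 60-second timeout, a suppression rate of one in two already puts the mean wait at a full minute per operation and leaves an eighth of requests unanswered after two minutes; at nine in ten the mean wait is nine minutes. Requests do get through "some of the time", and the service is still unusable, which is the point the message makes.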
This archive was generated by hypermail 2.1.2 : 03/04/05-01:50:31 AM Z CST