Date: Wed, 01 Mar 2006 08:18:27 -0800 From: Colin Percival <cperciva@freebsd.org> To: freebsd-security@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-06:10.nfs Message-ID: <4405C953.80005@freebsd.org> In-Reply-To: <200603011502.k21F26v5062428@freefall.freebsd.org> References: <200603011502.k21F26v5062428@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
FreeBSD Security Advisories wrote: > Topic: Remote denial of service in NFS server > [...] > IV. Workaround > > 1) Disable the NFS server: set the nfs_server_enable variable to "NO" > in /etc/rc.conf, and reboot. > > Alternatively, if there are no active NFS clients (as listed by the > showmount(8) utility), simply killing the mountd and nfsd processes > should suffice. > > 2) Add firewall rules to block RPC traffic to the NFS server from > untrusted hosts. There's one more workaround: Since this problem only affects RPC messages incoming via TCP, disabling the use of TCP with NFS will correct this while still allowing NFS to run over UDP. To disable use of TCP for NFS, remove the "-t" flag from nfs_server_flags in /etc/rc.conf and reboot. Colin Percival
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4405C953.80005>