
NFS – What are some problems?

Some NFS servers log error messages when requests arrive with invalid file handles, but many simply ignore them, which helps attackers who are trying to guess file handles. If you have a choice, select an NFS server that can log requests with invalid file handles. This may not be the default configuration even on servers that support logging, so check that you not only have the capability but have actually enabled it.

The system has 3 problems. First, there are difficulties with the initial authentication. Besides the usual problems of using forgeable IP addresses for authentication, there is one more way for attackers to authenticate illicitly. The RPC port location service provides a forwarding service, through which a client can send a request to a service by way of the location server.

Such a request can appear to mountd as if it were issued by the location service running on the server itself. If mountd allows the server to mount its own file systems, the attacker can send a mount request through the forwarding feature and obtain a valid file handle. To deal with this, the server must deny itself access, or the forwarding feature of the port location service must be disabled (the best choice is to do both).
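One way to check the first of these mitigations, as an added example that is not part of the original post: a Python audit that reads an export list in Linux exports(5) syntax (an assumption about the server in use) and reports the entries that would let the server mount its own file systems. The sample file, host names and addresses are constructed.

```python
import fnmatch
import ipaddress
import re

# Constructed sample in Linux exports(5) syntax; not taken from the page.
SAMPLE_EXPORTS = """\
/srv/home    192.168.10.0/24(rw,sync)   # server's own subnet
/srv/pub     *(ro)
/srv/backup  backup01.example.com(rw) localhost(rw)
/srv/scratch 10.0.0.0/8(rw) \\
             @trusted(rw)
/srv/ok      client7.example.com(ro)
"""
# Assumed identities of the NFS server itself (hypothetical values).
OWN_NAMES = {"localhost", "nfs1.example.com"}
OWN_ADDRS = {"127.0.0.1", "::1", "192.168.10.5"}

def parse_exports(text):
    """Yield (path, client) pairs; quoted paths with spaces are not handled."""
    text = text.replace("\\\n", " ")              # join continuation lines
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs or ["*"]:               # no client list: everyone
            # Strip "(options)"; a bare "(rw)" also means any host.
            yield path, re.sub(r"\(.*\)$", "", spec) or "*"

def admits_self(client, own_names=OWN_NAMES, own_addrs=OWN_ADDRS):
    """True if the client spec matches one of the server's own identities."""
    if client.startswith("@"):
        return False      # netgroup: needs a directory lookup, review by hand
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:    # not an address or network: hostname or wildcard
        return any(fnmatch.fnmatchcase(n, client.lower()) for n in own_names)
    return any(ipaddress.ip_address(a) in net for a in own_addrs)

def self_mountable(text):
    """Export entries through which the server could mount its own file systems."""
    return [(p, c) for p, c in parse_exports(text) if admits_self(c)]

if __name__ == "__main__":
    for path, client in self_mountable(SAMPLE_EXPORTS):
        print(f"{path}: client '{client}' includes this server")
```

Entries that name a netgroup are skipped by this check and need to be resolved separately.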

The second problem with mountd authentication has to do with the use of the file handle as an authentication token. If an attacker can determine a valid file handle without any help from mountd, the attacker can use it without any further authentication. Guessing purely at random will not work: NFS version 2 uses 32-byte file handles, and NFS version 3 uses variable-length file handles up to 64 bytes long.

However, attackers do not need to guess at random, because NFS implementations generally impose a structure on file handles. Only one component of the file handle data is truly random, and that is the part the attacker needs to guess. Implementations differ in how much random data there is; very early implementations were particularly bad in this respect, using file handles based entirely on the time the file system was created, which is simple to guess.

Modern NFS implementations have addressed this problem, and patches are available for many older implementations.

 
