3

I am using VirtualBox: where the guest is an Arch ISO and the host Windows/Cygwin or a generic Linux. For sharing host folders, VB native shared folders is not an option (since the setup requires often a reboot of the ISO).

I am turning to NFS, where the VB host is the server, which does not require a heavy setup on the Arch ISO guest.

I might use the VB host-only network and restrict NFS host access only to the IP of the guest ISO, which I can predict easily when there is a single VM, or I can limit the shared folder access to the VB host-only subnet.

I wonder which are the possibilities of spoofing the IPs, allowed to access the NFS share, on behalf of other boxes sitting in the same (sub)net of the VB host.

antonio
  • 845
  • 2
  • 8
  • 15
  • http://nfs.sourceforge.net/nfs-howto/ar01s06.html – zedman9991 Sep 23 '14 at 13:23
  • The document observes: "If the client's IP address matches [...] it will be allowed to mount. This is not terribly secure. If someone is capable of spoofing or taking over a trusted address then they can access your mount points." But the IP spoofing is not dealt with. Normally one can use IP filtering at gateway level. I wonder if it is possible a filtering inside the VB host too, ie detecting and discarding packets not coming from the virtual network, despite their source has been modified with an IP belonging to the virtual network. – antonio Sep 23 '14 at 19:13
  • Your NFS should be protected as you suggest. The attacker would probably take on VirtualBox directly if they were coming at you and then own it all... – zedman9991 Sep 23 '14 at 20:57

0 Answers0