Brocade Fibre Channel Networking Community

Expand all | Collapse all

NFS Filesystems option Brocade FC switch

  • 1.  NFS Filesystems option Brocade FC switch

    Posted 04-21-2014 12:36 PM

    Hi Guys,

    Is NFS Filesystem option available in Brocade FC switch with FOS 6.4.3e? If yes,

    May i know how to enable and disable it?

    I have checked in Admin guide and CLI guide but no info found with respect to NFS.

     

    Regards,
    Niklesh Reddy


    #BrocadeFibreChannelNetworkingCommunity


  • 2.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-21-2014 01:29 PM

    I'm not sure what you're looking for here. NFS is a NAS protocol, these are Fibre Channel switches. Are you looking for some way to transfer files from the switch?


    #BrocadeFibreChannelNetworkingCommunity


  • 3.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-21-2014 03:05 PM

    Our customer ran IP360 for scan and the vulnerability was reported on all the brocade switches.

    See description below:
    -------------------------------------

    Vulnerablity Description
    VULNDESC-1528
    IP360: Vulnerability 3812 Exported NFS Filesystems
    Type: VulnDesc
    Source:IP360
    Vulnerability ID:3812
    Vulnerability Name: Exported NFS Filesystems
    Advisory: nCircle CVSS Base Score: 8.8
    Risk: Remote Privileged

    Regards,
    Niklesh Reddy

     


    #BrocadeFibreChannelNetworkingCommunity


  • 4.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-21-2014 03:12 PM

    So customer wants to disable it... is it possible to disable NFS on the FC switch?

    Even i have not seen NFS on FC switch...Checking out if any one has seen it. and anyone knows about this issue..

    Regards,
    Niklesh Reddy


    #BrocadeFibreChannelNetworkingCommunity


  • 5.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-21-2014 09:39 PM

    NFS is not an option which you can en/disable, file delivery (firmware) is either FTP/USB AFAICR.

    personaly I've never come across a FC switch with an NFS deamon running.

    An nmap/netstat/rpcinfo against my 6.2.0g hasn't marked the default udp/tcp 2049 for NFS as open.

     

    That said you can use the ipfilter rules to block anything

    You can even lock yourself out of your switch, so be carefull and make sure you have a working serial connection in the event you locked yourself out.

     

    But before you block the port, make sure no other services are using that port which are vital to its workings by confirming the IP360 findings.


    #BrocadeFibreChannelNetworkingCommunity
    #block
    #ipfilter
    #nfs
    #policy


  • 6.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-22-2014 04:30 PM

    Hi,

    Thank you for reply,

    I got it that .. we cant disable/enable the NFS on FC switch..

    One more question...

    Are FC switches NFS vulnerable at FOS 6.4.3e ?

    Regards,
    Niklesh Reddy

     

     

     


    #BrocadeFibreChannelNetworkingCommunity


  • 7.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-22-2014 09:53 PM

    Clarifying my last post first alinea; there should be no NFS deamon (running) on your switch.

     

    Ask whomever marked the security issue to give more details on how the alert was raised in the first place, perhaps its a false positive.

     

    So NO would be the answer to "Are FC switches NFS vulnerable at FOS 6.4.3e ?" as there (should be) no NFS deamon.


    #BrocadeFibreChannelNetworkingCommunity


  • 8.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-23-2014 11:15 AM

    Hi,

    I will check and update .

    Regards,
    Niklesh Reddy


    #BrocadeFibreChannelNetworkingCommunity


  • 9.  Re: NFS Filesystems option Brocade FC switch

    Posted 04-25-2014 12:30 PM

    Hi.

     

    We are running 6.4.3d on a few varieties of switches and this vulnerability just popped up a few weeks ago from our security team as well.  I haven't had time to look much into it yet, but I suspect Support will say "Upgrade your firmware before we'll help you at all"...

     

    I'll try to get more details from our Security team.

     

    Cheers

    R


    #BrocadeFibreChannelNetworkingCommunity