48.2.3.3. Edit the /var/yp/securenets File
If the
/var/yp/securenets
file is blank or does not exist (as is the case after a default installation), NIS listens to all networks. One of the first things to do is to put netmask/network pairs in the file so that ypserv
only responds to requests from the appropriate network.
Below is a sample entry from a
/var/yp/securenets
file:
255.255.255.0 192.168.0.0
Warning
Never start an NIS server for the first time without creating the
/var/yp/securenets
file.
This technique does not provide protection from an IP spoofing attack, but it does at least place limits on what networks the NIS server services.