[ https://issues.apache.org/jira/browse/HDFS-5569?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13839093#comment-13839093 ]
Adam Faris commented on HDFS-5569:
----------------------------------

{quote}
Incidentally, it is not true that IP spoofing is impossible to do with TCP. Kevin Mitnick famously used TCP sequence number guessing plus IP spoofing to attack Tsutomu Shimomura. See http://www.networkcomputing.com/unixworld/security/001.txt.html
{quote}

Colin, the information you cite and the cert.org doc embedded in the link is from the mid-1990s. It's a great history read but RFC-1948 (1996) and RFC-6528 (2012) were both written to defend against sequence attacks.

{quote}
Maybe some other folks can speak up too, ...
{quote}

Yes please do.

> WebHDFS should support a deny/allow list for data access
> --------------------------------------------------------
>
>                 Key: HDFS-5569
>                 URL: https://issues.apache.org/jira/browse/HDFS-5569
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: webhdfs
>            Reporter: Adam Faris
>              Labels: features
>
> Currently we can't restrict what networks are allowed to transfer data using
> WebHDFS. Obviously we can use firewalls to block ports, but this can be
> complicated and problematic to maintain. Additionally, because all the jetty
> servlets run inside the same container, blocking access to jetty to prevent
> WebHDFS transfers also blocks the other servlets running inside that same
> jetty container.
> I am requesting a deny/allow feature be added to WebHDFS. This is already
> done with the Apache HTTPD server, and is what I'd like to see the deny/allow
> list modeled after. Thanks.

--
This message was sent by Atlassian JIRA
(v6.1#6144)