neuron Advocate
Joined: 28 May 2002 Posts: 2371
Posted: Thu Nov 04, 2004 1:40 pm Post subject: NFS question
I'm currently using Samba to access my server, but I've had some problems with it lately, and either way I've found NFS to be considerably less resource hungry (encrypted HDs, so CPU is a bottleneck; I get 4mb/sec with samba and 7mb/sec with nfs!). With Samba I need a login to access my server, but for NFS (as far as I understand it) read-write control is by IP. Not that I don't trust the people on this network, but stealing an IP isn't exactly hard.
Is there any way to do some confirmation thing that that IP is actually the box it should be? And as I said, CPU is a bottleneck, so I'd rather not mount through SSH.
nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Thu Nov 04, 2004 1:52 pm Post subject:
If the NFS client and server are on the same subnet, you can use a static ARP entry to uniquely correlate the IP address with the MAC address. This would make messing with IPs much harder (for every protocol/service, not just NFS), and would protect you from ARP poisoning attacks as well.
_________________
In God we trust. All the others must provide a valid X.509 certificate
neuron Advocate
Joined: 28 May 2002 Posts: 2371
Posted: Sat Nov 06, 2004 12:06 am Post subject:
Would make it a bit harder I suppose; it's still possible to alter the MAC address from the BIOSes of two of the computers I've got standing here (nForce2 chipsets with onboard networking).
nightblade Guru
Joined: 20 Jul 2004 Posts: 368 Location: back from SE Asia
Posted: Sun Nov 07, 2004 1:36 am Post subject:
Depends on the situation: keep in mind that switches usually complain when they see the same unicast MAC on more than one port, and this would make things hard for someone trying to spoof both the IP and the MAC address.
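
The static ARP binding suggested in the thread, as an added example that is not part of any post: a Python check that compares `ip -4 neigh show` output with a pinned IP-to-MAC list and builds the `ip neigh replace ... nud permanent` commands that install the bindings. The addresses, MACs and the `eth0` interface are constructed sample values, and the function names are this example's own.

```python
"""Audit `ip -4 neigh show` output against pinned IP->MAC bindings (added example)."""

# Constructed sample data: documentation-range IPs, made-up MACs, assumed interface eth0.
PINNED = {"192.0.2.10": "00:16:3e:00:00:0a", "192.0.2.11": "00:16:3e:00:00:0b",
          "192.0.2.12": "00:16:3e:00:00:0c"}
SAMPLE_NEIGH = """\
192.0.2.10 dev eth0 lladdr 00:16:3e:00:00:0a PERMANENT
192.0.2.11 dev eth0 lladdr 00:16:3e:00:00:99 REACHABLE
192.0.2.12 dev eth0 lladdr 00:16:3E:00:00:0C STALE
192.0.2.13 dev eth0  FAILED
"""


def parse_neigh(text):
    """Return {ip: (mac, state)}; entries without a resolved MAC are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if "lladdr" in fields[:-1]:
            mac = fields[fields.index("lladdr") + 1].lower()
            table[fields[0]] = (mac, fields[-1])
    return table


def audit(pinned, table):
    """Return (ip, problem) pairs for every pinned host that is not safely bound."""
    findings = []
    for ip, want in sorted(pinned.items()):
        mac, state = table.get(ip, (None, None))
        if mac is None:
            findings.append((ip, "no-entry"))       # binding was never installed
        elif mac != want.lower():
            findings.append((ip, "mac-mismatch"))   # a different NIC answers for this IP
        elif state != "PERMANENT":
            findings.append((ip, "not-static"))     # learned entry; an ARP reply can replace it
    return findings


def pin_commands(pinned, dev="eth0"):
    """Commands that install each binding as a static (permanent) neighbour entry."""
    return [f"ip neigh replace {ip} lladdr {mac} nud permanent dev {dev}"
            for ip, mac in sorted(pinned.items())]


if __name__ == "__main__":
    for ip, problem in audit(PINNED, parse_neigh(SAMPLE_NEIGH)):
        print(f"{ip}: {problem}")
    print("\n".join(pin_commands(PINNED)))
```

Run the audit on both the NFS server and its clients, since a static entry only protects the host it is installed on.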