RE: Vonage complains about VoIP-blocking

["Michael Hallgren" <m.hallgren () free fr>]

> On Tue, 15 Feb 2005, Hannigan, Martin wrote:
>
> > > On Tue, 15 Feb 2005, Hannigan, Martin wrote:
> > >
> > > > > Something else to consider.  We block TFTP at our border for 
> > > > > security reasons and we've found that this prevents 
> Vonage from 
> > > > > working.
> >
> > > Vonage devices initiate an outbound TFTP connection back 
> to Vonage 
> > > to snarf their configs on initial connection and also
> > > (presumably) on reboot.
> >
> > I tested the reboot. I didn't see it. I agree in general and think 
> > that providers shouldn't block tftp, IMHO.
>
> Traditionally, tftp has been used by networks as a 
> configuration/boot mechanism of their local equipment, with 
> customers rarely using it (at least, thats been my experience).
.

> Hence, most people writing the acls are concerned with 
> protecting their own equipment, and getting the most out of 
> their routers.  Having acls that block all tftp except from 
> your management IPs is a lot easier than acls that block all 
> tftp to your tftpable devices except from your management IPs.


.


> Introducing new devices that are intended to trust that big, 
> bad, easily spoofable internet using non-secured protocols 
> such as tftp in order to get their configuration from a 
> non-local server shows a degree of trust not seen since the 
> Famous Five, the BabySitters Club and pre '96 O'Reilly books 
> on writing internet protocols.

:)

mh

> --==--
> Bruce.