nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Vonage complains about VoIP-blocking

From: Daniel Golding <dgolding () burtongroup com>
Date: Tue, 15 Feb 2005 16:49:28 -0500


I've gotten a couple emails on this. To summarize:

1) some malware uses tftp. However much malware now uses other ports, such
as 80

2) There are numerous buffer overflow bugs with tftp. This would seem to be
better resolved with rACLs or ACLs towards loopback/interface blocks. (and,
of course, turning tftp off and using scp or sftp)

It would be interesting to find out what percentage of Internet accessible
routers are remotely upgradable via TFTP presently. Sadly, this would be
non-zero...

- Dan

On 2/15/05 4:28 PM, "Rob Thomas" <robt () cymru com> wrote:


Hi, Dan.

] Why block TFTP at your borders? To keep people from loading new versions of
] IOS on your routers? ;)

Funny you should mention that.  :)  We have seen miscreants do exactly
that.  They will upgrade or downgrade routers to support a feature set
of their choosing.

A lot of malware uses TFTP to update itself as well.

Please note that I am NOT advocating the blocking of TFTP.

Thanks,
Rob.
Previous By Date Next
Previous By Thread Next

Current thread: