North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Vonage complains about VoIP-blocking
I've gotten a couple emails on this. To summarize: 1) some malware uses tftp. However much malware now uses other ports, such as 80 2) There are numerous buffer overflow bugs with tftp. This would seem to be better resolved with rACLs or ACLs towards loopback/interface blocks. (and, of course, turning tftp off and using scp or sftp) It would be interesting to find out what percentage of Internet accessible routers are remotely upgradable via TFTP presently. Sadly, this would be non-zero... - Dan On 2/15/05 4:28 PM, "Rob Thomas" <[email protected]> wrote: > Hi, Dan. > > ] Why block TFTP at your borders? To keep people from loading new versions of > ] IOS on your routers? ;) > > Funny you should mention that. :) We have seen miscreants do exactly > that. They will upgrade or downgrade routers to support a feature set > of their choosing. > > A lot of malware uses TFTP to update itself as well. > > Please note that I am NOT advocating the blocking of TFTP. > > Thanks, > Rob.