North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Vonage complains about VoIP-blocking

  • From: Daniel Golding
  • Date: Tue Feb 15 16:52:40 2005

I've gotten a couple emails on this. To summarize:

1) some malware uses tftp. However much malware now uses other ports, such
as 80

2) There are numerous buffer overflow bugs with tftp. This would seem to be
better resolved with rACLs or ACLs towards loopback/interface blocks. (and,
of course, turning tftp off and using scp or sftp)

It would be interesting to find out what percentage of Internet accessible
routers are remotely upgradable via TFTP presently. Sadly, this would be

- Dan

On 2/15/05 4:28 PM, "Rob Thomas" <[email protected]> wrote:

> Hi, Dan.
> ] Why block TFTP at your borders? To keep people from loading new versions of
> ] IOS on your routers? ;)
> Funny you should mention that.  :)  We have seen miscreants do exactly
> that.  They will upgrade or downgrade routers to support a feature set
> of their choosing.
> A lot of malware uses TFTP to update itself as well.
> Please note that I am NOT advocating the blocking of TFTP.
> Thanks,
> Rob.