North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical RE: Vonage complains about VoIP-blocking
> > On Tue, 15 Feb 2005, Hannigan, Martin wrote: > > > > On Tue, 15 Feb 2005, Hannigan, Martin wrote: > > > > > > > > Something else to consider. We block TFTP at our border for > > > > > security reasons and we've found that this prevents > Vonage from > > > > > working. > > > > > Vonage devices initiate an outbound TFTP connection back > to Vonage > > > to snarf their configs on initial connection and also > > > (presumably) on reboot. > > > > I tested the reboot. I didn't see it. I agree in general and think > > that providers shouldn't block tftp, IMHO. > > Traditionally, tftp has been used by networks as a > configuration/boot mechanism of their local equipment, with > customers rarely using it (at least, thats been my experience). . > > Hence, most people writing the acls are concerned with > protecting their own equipment, and getting the most out of > their routers. Having acls that block all tftp except from > your management IPs is a lot easier than acls that block all > tftp to your tftpable devices except from your management IPs. . > > Introducing new devices that are intended to trust that big, > bad, easily spoofable internet using non-secured protocols > such as tftp in order to get their configuration from a > non-local server shows a degree of trust not seen since the > Famous Five, the BabySitters Club and pre '96 O'Reilly books > on writing internet protocols. :) mh > > --==-- > Bruce. > >
|