Subject: | |
From: | |
Reply To: | |
Date: | Tue, 22 Nov 2005 15:19:42 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Johnson, Tracy wrote:
> It begs the question, what are you stopping when you stop tftp?
>
> Is there a tftp exploit or something?
tftp is often used to transfer configurations, images, and other information for "bootstrap" like functions or to support an otherwise "lightweight" device. switches/routers/etc have been traditionally setup, backed up, and updated via tftp (though other transfer methods are appearing lately).
In a 'stock' tftp there is no user authentication. You just plain get or put a file, no authentication necessary. Putting a file on top of an existing one deletes the prior copy. Virtually no security at all in the base protocol, you have to add it on (inetdsec, tcp wrappers, iptables, etc).
Jeff
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|