nanog mailing list archives
RE: Vonage complains about VoIP-blocking
From: Bruce Campbell <bc-nanog () vicious dropbear id au>
Date: Wed, 16 Feb 2005 08:41:16 +1000 (EST)
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
On Tue, 15 Feb 2005, Hannigan, Martin wrote:Something else to consider. We block TFTP at our border for security reasons and we've found that this prevents Vonage from working.Vonage devices initiate an outbound TFTP connection back to Vonage to snarf their configs on initial connection and also (presumably) on reboot.I tested the reboot. I didn't see it. I agree in general and think that providers shouldn't block tftp, IMHO.
Traditionally, tftp has been used by networks as a configuration/boot mechanism of their local equipment, with customers rarely using it (at least, thats been my experience). Hence, most people writing the acls are concerned with protecting their own equipment, and getting the most out of their routers. Having acls that block all tftp except from your management IPs is a lot easier than acls that block all tftp to your tftpable devices except from your management IPs. Introducing new devices that are intended to trust that big, bad, easily spoofable internet using non-secured protocols such as tftp in order to get their configuration from a non-local server shows a degree of trust not seen since the Famous Five, the BabySitters Club and pre '96 O'Reilly books on writing internet protocols. --==-- Bruce.
Current thread:
- Re: Vonage complains about VoIP-blocking, (continued)
- Re: Vonage complains about VoIP-blocking John Kristoff (Feb 15)
- Re: Vonage complains about VoIP-blocking Eric Gauthier (Feb 15)
- Re: Vonage complains about VoIP-blocking John Levine (Feb 15)
- Re: Vonage complains about VoIP-blocking John Todd (Feb 16)
- RE: Vonage complains about VoIP-blocking Hannigan, Martin (Feb 15)
- RE: Vonage complains about VoIP-blocking Hannigan, Martin (Feb 15)
- RE: Vonage complains about VoIP-blocking Jay Hennigan (Feb 15)
- RE: Vonage complains about VoIP-blocking Nathan Allen Stratton (Feb 15)
- RE: Vonage complains about VoIP-blocking Michael Hallgren (Feb 15)
- RE: Vonage complains about VoIP-blocking Jay Hennigan (Feb 15)
- RE: Vonage complains about VoIP-blocking Hannigan, Martin (Feb 15)
- RE: Vonage complains about VoIP-blocking Bruce Campbell (Feb 15)
- RE: Vonage complains about VoIP-blocking Michael Hallgren (Feb 15)
- Re: Vonage complains about VoIP-blocking Stephen Sprunk (Feb 15)
- Re: Vonage complains about VoIP-blocking Nathan Allen Stratton (Feb 15)
- RE: Vonage complains about VoIP-blocking Bruce Campbell (Feb 15)
- RE: Vonage complains about VoIP-blocking Jason L. Schwab (Feb 15)
- Re: Vonage complains about VoIP-blocking Daniel Golding (Feb 15)
- RE: Vonage complains about VoIP-blocking Michael Hallgren (Feb 15)
- RE: Vonage complains about VoIP-blocking Nathan Allen Stratton (Feb 15)
- RE: Vonage complains about VoIP-blocking Michael Hallgren (Feb 15)
- Re: Vonage complains about VoIP-blocking Chris Parker (Feb 15)
- Re[2]: Vonage complains about VoIP-blocking C. Hagel (Feb 16)
- Re: Vonage complains about VoIP-blocking Daniel Golding (Feb 15)