Snort mailing list archives
Re: TFTP Get
From: Rich Adamson <radamson () routers com>
Date: Wed, 19 Mar 2003 06:30:13 -0600
Yes, tftp is unauthenticated. That alone is not grounds to call it "nasty", as so are most http and smtp transactions. It is however nasty to use it for a situation that you want some security.. such as using it to load configs into routers.. I'll agree that's a gigantic flaw in cisco's routers that they even support tftp configuration,
For those that haven't had to manage large numbers of routers, Cisco does not implement a tftp _server_ function in its default router configuration (unlike Nortel, where this function has been implemented by default for years and a fair number of managers do not change it). Both companies give you plenty of rope to be able to hang yourself if you so choose.

Loading a Cisco config via tftp either requires that you know the router login sequence, you have the snmp read-write community string necessary to remotely request the config load, or someone purposefully implemented the tftp server config. All of which _should_ be limited by access lists and/or other trivial security measures that have been documented for years.

If you think tftp is a bad idea, how about Nortel's approach using snmp (via Site Manager) to config _everything_ using the Unreliable Data Protocol (udp) and best-effort packet delivery, knowing full well that a single missing snmp packet will hose the config?