
Re: [fw-wiz] TFTP over vpns

To: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Subject: Re: [fw-wiz] TFTP over vpns
From: Carson Gaspar <carson@taltos.org>
Date: Tue, 20 Feb 2007 21:59:48 -0800
Delivered-to: sp-com-lists@consult.net
Delivered-to: fwwizards-list2@consult.net
Delivered-to: firewall-wizards@listserv.icsalabs.com
In-reply-to: <006601c753af$050b0920$6f00cacb@MATHEW>
List-archive: <https://listserv.icsalabs.com/pipermail/firewall-wizards>
List-help: <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=help>
List-id: Firewall Wizards Security Mailing List <firewall-wizards.listserv.icsalabs.com>
List-post: <mailto:firewall-wizards@listserv.icsalabs.com>
List-subscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=subscribe>
List-unsubscribe: <https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards>, <mailto:firewall-wizards-request@listserv.icsalabs.com?subject=unsubscribe>
References: <45CCD483.5040903@codestorm.org><d4c58f940702120729m41dab187pd87f7266dfe47ef7@mail.gmail.com> <45D32082.1020606@codestorm.org> <006601c753af$050b0920$6f00cacb@MATHEW>
Reply-to: Firewall Wizards Security Mailing List <firewall-wizards@listserv.icsalabs.com>
Sender: firewall-wizards-bounces@listserv.icsalabs.com
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1) Gecko/20061025 Thunderbird/2.0b1pre Mnenhy/0.7.4.0
Mathew Want wrote:
> Craig,
> 
> I had an instance last week where we were trying to block the reply traffic
> from a TFTP server with an ACL (the joys of an exercise in a Cisco course).
> What the instructor found was that in one of the RFCs (or similar tech doc)
> some implementations of TFTP servers, although contacted on UDP/69,
> answer on udp/XX69. This would get dropped by a firewall tracking the UDP
> traffic as it would appear as a new connection rather than a reply to an
> existing one. 
> 
> Hope this helps.

That's how _all_ TFTP works - I suggest reading the RFC (1350).

<client:udp:anon-port-C> -> <server:udp:69>
<server:udp:anon-port-S> -> <client:udp:anon-port-C>
<client:udp:anon-port-C> -> <server:udp:anon-port-S>

TFTP is evil...

-- 
Carson
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
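The three-line exchange above is the whole reason a plain stateful UDP filter drops TFTP replies. The following Python model is an added example, not code from this thread or from any firewall product: it builds RRQ/DATA/ACK packets in the RFC 1350 layout, runs them through a naive filter that only matches the exact reverse 5-tuple, and then through a filter with a TFTP "expectation" that accepts the server's first reply from any source port and pins the flow to it. Hosts, ports and the filter classes are constructed for the demo.

```python
"""Model of why 5-tuple UDP state tracking breaks TFTP (RFC 1350) and what a
TFTP-aware helper does differently. All hosts, ports and classes are constructed
for this example; opcodes follow RFC 1350."""
import struct
from dataclasses import dataclass

RRQ, WRQ, DATA, ACK, ERROR = 1, 2, 3, 4, 5   # RFC 1350 opcodes

def build_rrq(filename: str, mode: str = "octet") -> bytes:
    """Read request: opcode 1, filename, NUL, mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"

def build_data(block: int, payload: bytes) -> bytes:
    """Data packet: opcode 3, 16-bit block number, up to 512 bytes of data."""
    return struct.pack("!HH", DATA, block) + payload

def build_ack(block: int) -> bytes:
    """Acknowledgement: opcode 4, 16-bit block number."""
    return struct.pack("!HH", ACK, block)

def opcode(pkt: bytes) -> int:
    return struct.unpack("!H", pkt[:2])[0] if len(pkt) >= 2 else 0

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes

class StatefulUdpFilter:
    """Naive filter: allow anything from the inside host and record its 5-tuple;
    allow an outside packet only if it is the exact reverse of a recorded flow."""
    def __init__(self, inside_host: str):
        self.inside = inside_host
        self.flows = set()            # (src, sport, dst, dport) seen from inside

    def allow(self, p: Packet) -> bool:
        if p.src == self.inside:
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.flows

class TftpAwareFilter(StatefulUdpFilter):
    """Same as above, plus an expectation: after an RRQ/WRQ from inside to udp/69,
    accept the first packet from that server IP (any source port) back to the
    client's port, and pin the flow to the server's real source port."""
    def __init__(self, inside_host: str):
        super().__init__(inside_host)
        self.expect = set()           # (server_ip, client_ip, client_port)

    def allow(self, p: Packet) -> bool:
        if p.src == self.inside:
            if p.dport == 69 and opcode(p.payload) in (RRQ, WRQ):
                self.expect.add((p.dst, p.src, p.sport))
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return True
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return True
        key = (p.src, p.dst, p.dport)
        if key in self.expect:
            self.expect.discard(key)  # one-shot: only the first reply is accepted
            self.flows.add((p.dst, p.dport, p.src, p.sport))   # pin client:C <-> server:S
            return True
        return False

def run_exchange(filt: StatefulUdpFilter) -> list:
    """Replay the three packets from the thread; returns the allow/drop verdicts."""
    client, server = "10.0.0.5", "192.0.2.10"        # constructed addresses
    pkts = [
        Packet(client, 40001, server, 69, build_rrq("config.bin")),      # client:C -> server:69
        Packet(server, 52069, client, 40001, build_data(1, b"x" * 512)),  # server:S -> client:C
        Packet(client, 40001, server, 52069, build_ack(1)),               # client:C -> server:S
    ]
    return [filt.allow(p) for p in pkts]

if __name__ == "__main__":
    print("naive 5-tuple filter:", run_exchange(StatefulUdpFilter("10.0.0.5")))
    print("TFTP-aware filter:   ", run_exchange(TftpAwareFilter("10.0.0.5")))
```

The naive filter returns `[True, False, True]`: the server's DATA packet arrives from a port the table has never seen, so it is treated as a new inbound connection and dropped, which is exactly the behaviour the instructor observed. The TFTP-aware filter returns `[True, True, True]` because it consumes a one-shot expectation for the reply and then tracks the pinned flow normally; this is the same idea behind connection-tracking helpers such as Linux's `nf_conntrack_tftp`, and the reason such helpers should be enabled only for the traffic that genuinely needs them.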
