[lug] Backup
Zan Lynx
zlynx at acm.org
Mon Jan 2 18:59:13 MST 2006
David L. Anselmi wrote:
[snip]
> Oh look, here's someone doing public TFTP:
>
> http://www.dslreports.com/forum/remark,2246528~root=equip,17~mode=flat
>
> Before you say they're asking for trouble, ask yourself how this is
> different than apt-get upgrade.

The thing that is really risky about TFTP over public networks is that
TFTP is a UDP-based protocol. That means that it is trivial to
impersonate a TFTP server. Because UDP doesn't require acknowledgement,
anyone can forge the source IP and pump them into your network, if they
realize you're doing a TFTP boot from a public IP address. Many ISPs do
source address validation at their routers, but not all of them.
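
Added example, not part of the original message: a sketch of why the source address is a weak check for a TFTP download, and of verifying the received image against a digest instead. The function names, the addresses (documentation ranges), the sample packets, and the assumption that a known-good SHA-256 is available over a separate trusted channel are all constructed for illustration.

```python
import hashlib
import struct

OP_DATA, BLOCK_SIZE = 3, 512          # RFC 1350 DATA opcode and block size
SERVER = ("192.0.2.10", 40001)        # constructed: address/port the transfer uses
OTHER = ("198.51.100.7", 40001)       # constructed: unrelated sender

def data(block, payload):
    """Build a TFTP DATA packet: 2-byte opcode, 2-byte block number, payload."""
    return struct.pack("!HH", OP_DATA, block) + payload

def receive_image(datagrams, server_addr, expected_sha256):
    """Assemble a file from (source, packet) pairs; return (image, verified)."""
    image, next_block = bytearray(), 1
    for source, packet in datagrams:
        if source != server_addr:     # the only origin check plain TFTP offers:
            continue                  # compare the source address/port fields
        if len(packet) < 4:
            continue
        opcode, block = struct.unpack("!HH", packet[:4])
        if opcode != OP_DATA or block != next_block:
            continue                  # not DATA, duplicate, or out of order
        image += packet[4:]
        next_block += 1
        if len(packet) - 4 < BLOCK_SIZE:
            break                     # short block ends the transfer
    # The source fields are written by the sender, so they prove nothing;
    # the digest, obtained over a separate trusted channel, is the real check.
    verified = hashlib.sha256(image).hexdigest() == expected_sha256
    return bytes(image), verified

# Constructed sample data: a two-block boot image and its known-good digest.
GOOD = b"A" * 512 + b"boot-ok"
GOOD_SHA256 = hashlib.sha256(GOOD).hexdigest()

CLEAN = [(SERVER, data(1, GOOD[:512])), (SERVER, data(2, GOOD[512:]))]
# A datagram from another address is dropped by the source check.
WRONG_SOURCE = [CLEAN[0], (OTHER, data(2, b"boot-XX")), CLEAN[1]]
# A datagram whose source fields match the server passes that check.
SAME_SOURCE = [CLEAN[0], (SERVER, data(2, b"boot-XX")), CLEAN[1]]

if __name__ == "__main__":
    for name, trace in [("clean", CLEAN), ("wrong source", WRONG_SOURCE),
                        ("same source fields", SAME_SOURCE)]:
        image, ok = receive_image(trace, SERVER, GOOD_SHA256)
        print(f"{name}: {len(image)} bytes, digest verified: {ok}")
```

Only the digest comparison separates the third trace from the first; the address check treats them identically.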