[lug] Backup
David L. Anselmi
anselmi at anselmi.us
Mon Jan 2 22:43:19 MST 2006
Zan Lynx wrote:
> David L. Anselmi wrote:
> [snip]
>
>>Oh look, here's someone doing public TFTP:
>>
>>http://www.dslreports.com/forum/remark,2246528~root=equip,17~mode=flat
>>
>>Before you say they're asking for trouble, ask yourself how this is
>>different than apt-get upgrade.
>
> The thing that is really risky about TFTP over public networks is that
> TFTP is a UDP based protocol.

(Actually this is a vulnerability, not a risk.)

But that doesn't mean that you shouldn't do it, or that you never would.
In some cases spoofing DNS is easier than spoofing UDP and yet how
many people routinely count on DNS being accurate? And if getting
spoofed is too risky for your application there are other (and many
better) ways of authenticating the server (or the content) than using TCP.

Dave
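
The point about authenticating the content rather than the transport, as an added example that is not part of the original post: a client checks a file fetched over an untrusted channel (TFTP or anything else) against a manifest carrying its SHA-256 and a keyed tag. The pre-shared key, file name, manifest layout and function names are assumptions made for illustration, and an HMAC stands in for a public-key signature so the code needs only the Python standard library.

```python
import hashlib
import hmac

# Constructed sample data: a key provisioned out of band (assumption)
# and a stand-in for the file served over the untrusted transport.
PSK = b"constructed-demo-key-provisioned-out-of-band"
IMAGE = b"constructed firmware image v1\n"


def make_manifest(name: str, blob: bytes, key: bytes) -> bytes:
    """Publisher side: a 'sha256  name' line plus an HMAC-SHA256 tag over it."""
    line = f"{hashlib.sha256(blob).hexdigest()}  {name}\n".encode()
    tag = hmac.new(key, line, hashlib.sha256).hexdigest().encode()
    return line + b"hmac-sha256 " + tag + b"\n"


def verify_download(name: str, blob: bytes, manifest: bytes, key: bytes) -> bool:
    """Client side: trust nothing about the transport, only the keyed tag."""
    try:
        line, tag_line = manifest.splitlines(keepends=True)
        label, tag = tag_line.split()
        digest, listed_name = line.decode().split()
    except ValueError:
        return False  # malformed or truncated manifest
    if label != b"hmac-sha256":
        return False
    expected = hmac.new(key, line, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return False  # manifest forged or altered in transit
    if listed_name != name:
        return False  # authentic manifest, but for a different file
    actual = hashlib.sha256(blob).hexdigest().encode()
    return hmac.compare_digest(digest.encode(), actual)


if __name__ == "__main__":
    manifest = make_manifest("firmware.bin", IMAGE, PSK)
    print("genuine:", verify_download("firmware.bin", IMAGE, manifest, PSK))
    # A spoofed server can replace both the file and the manifest,
    # but cannot produce a valid tag without the key.
    evil = IMAGE + b"backdoor"
    forged = make_manifest("firmware.bin", evil, b"attacker-key")
    print("spoofed:", verify_download("firmware.bin", evil, forged, PSK))
```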