authenticated tftp
Yeah, seems like an oxy-moron, but this is a legitimate question, I promise. My linksys wireless router requires me to disable the admin password on it to tftp a firmware update to it--however, the Windows tftp client that Linksys ships appear to support some form of Oh yeah, and here's a password. It probably really doesn't make a difference security-wise, but it would be a lot more convenient to update wireless routers if our tftp client spoke whatever extension they use to carry the password. Does anyone know anything about that protocol extension, or if there are existing tweaks to add it to our tftp? (I saw nothing in the man page). If there's a pointer to the on-the-write bits, I can always stick it in myself, but I have yet to find one. Robert N M Watson FreeBSD Core Team, TrustedBSD Projects [EMAIL PROTECTED] Network Associates Laboratories ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: authenticated tftp
On Fri, 25 Jul 2003, 13:22-0400, Robert Watson wrote: Yeah, seems like an oxy-moron, but this is a legitimate question, I promise. My linksys wireless router requires me to disable the admin password on it to tftp a firmware update to it--however, the Windows tftp client that Linksys ships appear to support some form of Oh yeah, and here's a password. It probably really doesn't make a difference security-wise, but it would be a lot more convenient to update wireless routers if our tftp client spoke whatever extension they use to carry the password. Does anyone know anything about that protocol extension, or if there are existing tweaks to add it to our tftp? (I saw nothing in the man page). If there's a pointer to the on-the-write bits, I can always stick it in myself, but I have yet to find one. There are several tftp extension that NetBSD folk integrated to their tftpd/tftp recently. IIRC they were 2347 TFTP Option Extension. G. Malkin, A. Harkin. May 1998. (Format: 2348 TFTP Blocksize Option. G. Malkin, A. Harkin. May 1998. (Format: 2349 TFTP Timeout Interval and Transfer Size Options. G. Malkin, A. I know nothing about auth extension yet but the protocol is quite simple (trivial :-)) and if you get a dump of udp session between the router and windows tftp client it would be easy incorporate this one. -- Maxim Konovalov, [EMAIL PROTECTED], [EMAIL PROTECTED] ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: authenticated tftp
Maxim Konovalov [EMAIL PROTECTED] writes: On Fri, 25 Jul 2003, 13:22-0400, Robert Watson wrote: Yeah, seems like an oxy-moron, but this is a legitimate question, I promise. My linksys wireless router requires me to disable the admin password on it to tftp a firmware update to it--however, the Windows tftp client that Linksys ships appear to support some form of Oh yeah, and here's a password. It probably really doesn't make a difference security-wise, but it would be a lot more convenient to update wireless routers if our tftp client spoke whatever extension they use to carry the password. Does anyone know anything about that protocol extension, or if there are existing tweaks to add it to our tftp? (I saw nothing in the man page). If there's a pointer to the on-the-write bits, I can always stick it in myself, but I have yet to find one. There are several tftp extension that NetBSD folk integrated to their tftpd/tftp recently. IIRC they were 2347 TFTP Option Extension. G. Malkin, A. Harkin. May 1998. (Format: 2348 TFTP Blocksize Option. G. Malkin, A. Harkin. May 1998. (Format: 2349 TFTP Timeout Interval and Transfer Size Options. G. Malkin, A. I know nothing about auth extension yet but the protocol is quite simple (trivial :-)) and if you get a dump of udp session between the router and windows tftp client it would be easy incorporate this one. Just to explain further what Maxim is pointing out here: the authentication option, whatever it is, is *not* a standard, unlike the ones he listed. ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: authenticated tftp
On Fri, 25 Jul 2003, 13:22-0400, Robert Watson wrote: Yeah, seems like an oxy-moron, but this is a legitimate question, I promise. My linksys wireless router requires me to disable the admin password on it to tftp a firmware update to it--however, the Windows tftp client that Linksys ships appear to support some form of Oh yeah, and here's a password. I found some code that claims to implement this extension (specifically for communicating with a Linksys device). Unfortunately, I couldn't find any copyright or license for the code, so I can't just pass it along. However, it looks like it just attaches an option called password whose value is the unencrypted password. RFC 2347 describes the format of TFTP options. Looks like a few lines added to makerequest() in tftp.c should handle it. Plus a few additional lines of code for the command-line option. Should be an evening's work for someone. Good luck, Tim ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to [EMAIL PROTECTED]