On 22/05/2007, at 6:01 PM, Howard Lowndes wrote:
I've just wasted half the afternoon trying to work out why a tftp
server wasn't delivering a config file to a VoIP phone, and I
finally discover that its mode of operation has been changed
during an "upgrade" of the tftp server, presumably to "enhance"
security.

The client had been requesting the file by accessing destination
port 69udp on the server, and the server had been delivering the
file via source port 69udp. This meant that I could have very
tight and specific filters in iptables.

Now I discover that the server delivers the files via random high
source ports instead, which means that now I have to open up the
filters to accommodate a wide range of source ports from the server
instead of the original port 69.

I do not call that enhanced security and the idiot that thinks it
is should be emasculated.

To add insult to injury I can find nothing in the scant
documentation to tell me how to force the server back to its
original mode of operation.

To add a more technical point to the thread - the RFC says that
behaviour is correct.
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
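The behaviour discussed in this thread, as an added example that is not part of the original messages: a loopback TFTP read in which the server answers from a fresh transfer port (the "TID" of RFC 1350) rather than from the port the request was sent to. Assumptions: the listening port is an arbitrary unprivileged port standing in for 69/udp, and the file name and config contents are constructed.

```python
import socket
import struct
import threading

RRQ, DATA, ACK = 1, 3, 4          # TFTP opcodes from RFC 1350
CONFIG = b"# constructed sample phone config\nsip_server=192.0.2.10\n"

def serve_one(listener):
    """Answer one read request the way RFC 1350 describes."""
    request, client = listener.recvfrom(516)
    if struct.unpack("!H", request[:2])[0] != RRQ:
        return
    # The server picks a fresh TID (UDP port) for the transfer; the
    # well-known listening port is only used for the initial request.
    transfer = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    transfer.bind(("127.0.0.1", 0))
    transfer.settimeout(2)
    try:
        transfer.sendto(struct.pack("!HH", DATA, 1) + CONFIG, client)
        transfer.recvfrom(516)        # wait for the client's ACK of block 1
    except socket.timeout:
        pass
    finally:
        transfer.close()

def fetch(filename="phone.cfg"):
    """Return (port the RRQ went to, port DATA came from, payload)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.bind(("127.0.0.1", 0))   # stand-in for 69/udp, no root needed
    listen_port = listener.getsockname()[1]
    worker = threading.Thread(target=serve_one, args=(listener,))
    worker.start()
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    client.settimeout(2)
    rrq = struct.pack("!H", RRQ) + filename.encode() + b"\0octet\0"
    client.sendto(rrq, ("127.0.0.1", listen_port))
    packet, (_, data_port) = client.recvfrom(516)
    opcode, block = struct.unpack("!HH", packet[:4])
    assert opcode == DATA and block == 1
    # ACKs go to the server's transfer TID, not to the listening port.
    client.sendto(struct.pack("!HH", ACK, block), ("127.0.0.1", data_port))
    worker.join()
    client.close()
    listener.close()
    return listen_port, data_port, packet[4:]

if __name__ == "__main__":
    listen_port, data_port, payload = fetch()
    print(f"RRQ sent to {listen_port}, DATA arrived from {data_port}")
```

A filter that only matches replies with source port 69 never sees the DATA packet here; the reply has to be associated with the earlier request to port 69 by the client's address and port instead.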