rang@cs.wisc.edu (Anton Rang) (06/07/90)
In article <3023@unisoft.UUCP> greywolf@unisoft.UUCP (The Grey Wolf) writes: >To what extent does one disable tftp (or did the original user mean >anonymous ftp)? At a minimum, you should restrict either which hosts can access tftp on a given machine, or which files tftp can access. The problem is that tftp, as distributed, lets anyone access any publicly-readable file, and lots of important files (like /etc/passwd) are publicly readable. (In other words, having tftp enabled allows dictionary attacks to be tried without needing an account on the remote machine.) This is my understanding of the matter, at least; feel free to correct any misapprehensions. Anton +---------------------------+------------------+-------------+ | Anton Rang (grad student) | rang@cs.wisc.edu | UW--Madison | +---------------------------+------------------+-------------+
loverso@Xylogics.COM (John Robert LoVerso) (06/07/90)
And don't be fooled by the fact that the TFTP protocol doesn't include a list-directory call. The BSD tftpd will allow [publically readable] directories to be read, and so a clever user tftp program could use this to implement an "ls"-style listing. This can give away the names of subdirectories you might have in your tftp-area (if you are running a "secure" tftpd that does a chroot), or let the people walk your whole filesystem, even if they don't know its layout before hand. A trivial change to tftpd would prevent the reading of all but plain files. John -- John Robert LoVerso Xylogics, Inc. 617/272-8140 x284 loverso@Xylogics.COM Annex Terminal Server Development Group