On 11/17/2014 10:42 AM, Carlos E. R. wrote:
> But tftp is not ftp. It is a different protocol, and security is not one of its features. It is used, I understand, to boot up machines via network, because it can be accessed (read) directly by network card BIOSes, so it was built very simply.

Yes, that's my point. It's another archaic "anonymous ftp" protocol being used out of context. It is unsecurable and was used to bootstrap 'small' semi-autonomous semi-smart devices such as terminals in the early days of networking when memory/storage was still expensive yamma yamma yamma. It should not have been exposed on the WAN!

I'm sorry to say that there was - still is as far as I know - a Big Name ex-IBM Security Consultant who asserted that machines should be shipped with all the standard ports open and services enabled and sysadmins should be smart enough to decide which to shut down, since shipping with them closed would inconvenience users and 'availability' is what counts. (And yes, TFTP was included.) I berated him for this on a public forum, but he was the Big Important Well Known Guy Wearing Suit and I was just an unknown sysadmin mouthing off. Who do you think got ignored?

Well, look how systems ship today.

One cannot assume that the Internet is benign.

--
A: Yes.
> Q: Are you sure?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting frowned upon?