TFTP

[FoBoT]

does anyone use this on a regular basis?

do you know a source discussing the security aspects of TFTP ?

i found a nice tftp server on the 3Com website, anyone have a favorite? do you know of a command line/scriptable client that supports larger blocksizes (> 512b per RFC 1783) ?

 

[n0cmonkey]

Security? I'm not aware of any security in tftp.

 

[ScottMac]

N0c is correct, there is no security (other that "security through obscurity") with TFTP. It's generally used to transfer new code to a device. It uses UDP and relies on application-level processes to guarantee delivery and flow control.

It' s utility, a wunnerful utility even ( I like and use the 3COM 3Cdaemon Version 2), but to push it's role beyond that would be somewhat foolish.

BTW: "Pumpkin" is alledged to be pretty decent as well ... many of my friends and coworkers us it.


Good Luck

Scott

 

[n0cmonkey]

I use the OpenBSD tftp daemon. Only use it for netbooting sparcs though.

 

[Mucman]

Just used the FreeBSD tftp server to boot a FreeBSD box... I think securing a tftp server pretty much means keeping it on the LAN, and and accessible from the outside world.

 

[cmetz]

TFTP is designed for diskless client booting, which is why it is designed to be implementable in a very very small amount of code. It's unfortunate that vendors of devices with real networking stacks have used TFTP for firmware upgrades for so long, but finally scp is becoming common enough that in a few years we won't have to deal with TFTP regularly...