[78031] in North American Network Operators' Group


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Vonage complains about VoIP-blocking

daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Feb 16 10:48:55 2005

Date: Wed, 16 Feb 2005 10:47:13 -0500 (EST)
From: Jon Lewis <jlewis@lewis.org>
To: NANOG <nanog@merit.edu>
In-Reply-To: <Pine.GSO.4.62.0502151521180.28688@qentba.nf23028.arg>
Errors-To: owner-nanog-outgoing@merit.edu


On Tue, 15 Feb 2005, Rob Thomas wrote:

>
> Hi, Dan.
>
> ] Why block TFTP at your borders? To keep people from loading new versions of
> ] IOS on your routers? ;)
>
> Funny you should mention that.  :)  We have seen miscreants do exactly
> that.  They will upgrade or downgrade routers to support a feature set
> of their choosing.
>
> A lot of malware uses TFTP to update itself as well.

Didn't nachi setup a tftpd on infected systems and then use tftp to load
itself onto systems it spread to?

----------------------------------------------------------------------
 Jon Lewis                   |  I route
 Senior Network Engineer     |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[78031] in North American Network Operators' Group

Re: Vonage complains about VoIP-blocking

daemon@ATHENA.MIT.EDU (Jon Lewis)Wed Feb 16 10:48:55 2005

daemon@ATHENA.MIT.EDU (Jon Lewis)
Wed Feb 16 10:48:55 2005