ssh, or other schemes of enhanced security...? mh
-----Message d'origine----- De : owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] De la part de Daniel Golding Envoyé : mardi 15 février 2005 23:39 À : Jason L. Schwab; Martin Hannigan Cc : nanog@merit.edu Objet : Re: Vonage complains about VoIP-blocking
Is there any move on the part of providers/manufacturers to use more secure protocols for this?
- Dan
On 2/15/05 5:22 PM, "Jason L. Schwab" <jlschwab@jlschwab.com> wrote:
Hi;
I unplugged and reset my vonage Motorola MTA device, and it
did tftp
to home to get its configs.
-Jason
-----Original Message----- From: owner-nanog@merit.edu [mailto:owner-nanog@merit.edu] On Behalf Of Hannigan, Martin Sent: Tuesday, February 15, 2005 3:14 PM To: 'Jay Hennigan' Cc: Eric Gauthier; nanog@merit.edu Subject: RE: Vonage complains about VoIP-blocking
-----Original Message----- From: Jay Hennigan [mailto:jay@west.net] Sent: Tuesday, February 15, 2005 5:10 PM To: Hannigan, Martin Cc: Eric Gauthier; nanog@merit.edu Subject: RE: Vonage complains about VoIP-blocking
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Something else to consider. We block TFTP at our border for security reasons and we've found that this prevents Vonage from working. Would this mean that LEC's can't block TFTP?
Was that a device trying to phone home and get it's configs? Cisco, Nortel, etc. phone home and get configs via tftp.
Vonage doesn't need to phone home for config. The device is programmed (router) and it registers with the call manager. If you analyze the transactions it's about 89% SIP and 11% SDP.
Vonage devices initiate an outbound TFTP connection back to Vonage to snarf their configs on initial connection and also (presumably) on reboot.
I tested the reboot. I didn't see it. I agree in general and think that providers shouldn't block tftp, IMHO.
-- Daniel Golding Network and Telecommunications Strategies Burton Group