16 Feb
2005
16 Feb
'05
3:47 p.m.
On Tue, 15 Feb 2005, Rob Thomas wrote:
Hi, Dan.
] Why block TFTP at your borders? To keep people from loading new versions of ] IOS on your routers? ;)
Funny you should mention that. :) We have seen miscreants do exactly that. They will upgrade or downgrade routers to support a feature set of their choosing.
A lot of malware uses TFTP to update itself as well.
Didn't nachi setup a tftpd on infected systems and then use tftp to load itself onto systems it spread to? ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________