[Asterisk-Users] Survey: Grandstream improvements.........
James Golovich
james at wwnet.net
Wed Oct 22 12:05:22 MST 2003
On Wed, 22 Oct 2003, John Todd wrote:
> The problem with TFTP is that it is neither authenticated NOR
> encryptable by nature. I have no issue with the lack of
> authentication if the files moved can be encrypted. This is a
> critically important point: sending out cleartext TFTP (or HTTP, for
> that matter) files across ANY network is ill-advised.
>
I'll add one potential problem to TFTP in the current internet as we know
it. With all the recent worms of this summer it has been many vendors
recommendations to block tftp. I've seen increasing number of cable/dsl
providers following these recomendations.
So over the public internet software/config grabbing with tftp could be a
potential problem
James
More information about the asterisk-users
mailing list