[Asterisk-Users] TFTP - Good or Bad?

Tzafrir Cohen tzafrir at cohens.org.il
Thu Aug 4 15:53:42 MST 2005 

On Fri, Aug 05, 2005 at 02:28:36AM +0900, Gary Guthary wrote:
> Hi Guys/Gals -
> 
> I don't post here often but I read with interest all the postings. - I've
> been on a lot of mailing lists, but this one is by far the most interesting.
> 
> I've been doing a lot of work with 'tftp' loading Cisco 79xx phones with
> firmware, configs. for asterisk, etc.
> 
> And I see where a lot of folks have trouble with 'tftp', use alternate port
> numbers (probably to get around firewall issues), etc. - And I've even seen
> where some folks complain that 'tftp' is one of the 'worst' protocols on the
> Internet.
> 
> At the end of this posting, I've included a little tid-bit on
> 'primary/alternate' 'tftp' servers for the Cisco 79xx phone setup.
> 
> This next part is mainly for 'newbies' who are new to asterisk & haven't got
> a clue as to what 'tftp' is. - Advanced users, geeks, etc., please disregard
> the next part if you want.
> 
> Apologize in advance if this is boring.
> 
> Going back to 'Networking 101', just exactly what is 'tftp'? - Is there any
> reason WHY it came into being in the first place?
> 
> 'tftp' stands for 'Trivial File Transfer Protocol'. - Unlike the more
> popular 'ftp' protocol, 'tftp' is considered 'non-secure'. - Meaning that no
> login name/password challenge is require. - The 'device' (computer, phone,
> whatever) sends a request to the 'tftp' server for the file & the server
> sends it. - Plain and simple.
> 
> 'tftp' also uses the 'UDP' (User Datagram Protocol). - The main difference
> between 'UDP' and 'TCP' is that 'UDP' uses NO ERROR CORRECTION. - No 'acks'
> & 'naks' to make sure all the packets arrive okay at the receiving end. -
> It's up the receiving end to make sure everything was received okay.

It also makes it relatively simpler for someone on the same LAN (mostly)
to fake being a tftp server for that client (or vice versa). A UDP
packet is generally more predictable, so if I wanted to send the phone
bogus firmware or bogus config, it would generally be easier for me than
if the server has read the files using, e.g. HTTP.

HTTP is simple, well-supported and supports all the "file transfers" 
operations TFTP supports.

-- 
Tzafrir Cohen         | tzafrir at jbr.cohens.org.il | VIM is
http://tzafrir.org.il |                           | a Mutt's  
tzafrir at cohens.org.il |                           |  best
ICQ# 16849755         |                           | friend

More information about the asterisk-users mailing list