issues with tftpd

To: netbsd-users%netbsd.org@localhost
Subject: issues with tftpd
From: Malcolm Herbert <mjch%mjch.net@localhost>
Date: Fri, 25 Jul 2008 22:46:45 +1000

I have a host running tftpd from inetd bound to all the host interfaces 
(ie, udp *.69). The host has a vr0 interface with a native IP of        
10.0.0.19 and an IP alias of 10.0.0.1                                   

I have set up dhcpd on another host (10.0.0.254) to have clients perform
a PXE boot from the TFTP daemon on the host via the 10.0.0.1 alias

As can be seen from http://www.mjch.net/pub/tftp/tftp.txt tftpd in this
configuration appears to begin data transfers to the tftp client from
10.0.0.19 rather than 10.0.0.1 that was used to begin the session.

If inetd is told to listen only to 10.0.0.1 and not bind to all
addresses, tftpd responses to clients are as expected ...

I have observed that the NetBSD tftp client doesn't seem to have a
problem that the data transfer is coming from the 'wrong' IP ... a
potential security threat looming, I suspect ... :)

Has anyone else noticed this behaviour? It took me quite some time to
work out why this brand new Eee PC 1000H wasn't booting until I realised
what was happening in the packet dump ... the PXE TFTP client in this
case is quite rightly dropping responses from IPs it wasn't expecting to
hear from ...

Regards,
Malcolm

-- 
Malcolm Herbert                                This brain intentionally
mjch%mjch.net@localhost                                                left 
blank

Prev by Date: Re: named exploit
Next by Date: Can I update from an NetBSD Daily Snapshot (4.99.xx) to future Releases like NetBSD 5.0?
Previous by Thread: named exploit
Next by Thread: Can I update from an NetBSD Daily Snapshot (4.99.xx) to future Releases like NetBSD 5.0?
Indexes:

Home | Main Index | Thread Index | Old Index