03-08-2002
BOOTP and TFTP offer almost no security whatsoever. (What they do) They basically provide their information to anybody who asks and solely rely on the assumption that your network is configured to not make the server world-accessible. If you install BOOTP gateways, then this assumption is seriously violated. Also, TFTP servers are usually accessible from just about everywhere. You can try to diminish the impact of this problem by blocking BOOTP and TFTP packets from leaving or entering your network segment, but this will never be a completely secure solution.
Thus you should always assume that all of the files that your BOOTP and TFTP server offer are world readable. They must not contain any sensitive data. Also, the TFTP daemon must be configured to only allow access to selected files. Running it in a chroot'd environment might be a very good idea.
The BOOTP protocol is vulnerable to somebody else impersonating a BOOTP server. While security-aware operating systems prevent non-privileged users from starting their own BOOTP servers, other operating systems do not allow this. This means, if any of your users can launch an arbitrary program under an insecure operating system on an arbitrary machine connected to your Ethernet segment, then they have full control over the BOOTP boot process.
Hope you understand what BOOTP/TFTP do..
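A detection sketch for the server-impersonation problem described in the post, added here as an example and not part of the original post: it parses BOOTP replies using the RFC 951 fixed layout and flags any reply whose sender or advertised boot server (`siaddr`) is not on a list of servers you operate. The allowlist, the addresses and the sample packets are constructed assumptions.

```python
import socket
import struct

# RFC 951 fixed layout, 300 bytes; field order as unpacked in parse_reply.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s64s")
BOOTREPLY = 2
AUTHORIZED = {"192.0.2.10"}  # assumption: the boot servers you operate


def parse_reply(payload):
    """Return the fields of a BOOTREPLY, or None for anything else."""
    if len(payload) < BOOTP.size:
        return None
    (op, _, hlen, _, xid, _, _, _, yiaddr, siaddr, _, chaddr, _, bootfile,
     _) = BOOTP.unpack_from(payload)
    if op != BOOTREPLY:
        return None
    return {
        "xid": xid,
        "client_mac": chaddr[:min(hlen, 16)].hex(":"),
        "offered_ip": socket.inet_ntoa(yiaddr),
        "siaddr": socket.inet_ntoa(siaddr),
        "bootfile": bootfile.split(b"\0", 1)[0].decode("ascii", "replace"),
    }


def rogue_replies(observed, authorized=AUTHORIZED):
    """observed: (source_ip, udp_payload) pairs captured on UDP port 68."""
    alerts = []
    for src_ip, payload in observed:
        reply = parse_reply(payload)
        # Flag a reply whose sender or advertised boot server is unknown.
        if reply and (src_ip not in authorized
                      or reply["siaddr"] not in authorized):
            alerts.append({"source": src_ip, **reply})
    return alerts


def make_reply(mac, yiaddr, siaddr, bootfile):
    """Build a constructed BOOTREPLY for the sample below."""
    return BOOTP.pack(2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                      socket.inet_aton(yiaddr), socket.inet_aton(siaddr),
                      bytes(4), mac, b"", bootfile, b"")


MAC = bytes.fromhex("020000000001")  # constructed client address
SAMPLE = [  # constructed traffic: one expected reply, one unexpected
    ("192.0.2.10", make_reply(MAC, "192.0.2.50", "192.0.2.10", b"boot.img")),
    ("192.0.2.77", make_reply(MAC, "192.0.2.50", "192.0.2.77", b"boot.img")),
]
```

Source addresses can be forged on a shared segment, so an alert here is a reason to look at the switch port, not proof of which machine answered.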
BOOTP(8) System Manager's Manual BOOTP(8)
NAME
bootp, rarpd, tftpd - Internet booting
SYNOPSIS
ip/bootp [-d]
ip/rarpd [-d] [-e etherdev]
ip/tftpd [-dr] [-h homedir]
DESCRIPTION
These programs support booting over the Internet. They should all be run on the same server to allow other systems to be booted. Bootp and tftpd are used to boot everything; rarpd is an extra piece just for Suns.
Bootp passes to Plan 9 systems their IP address, IP mask, default boot file, default file server, default authentication server, and default gateway. These come from the network database file attributes ip, ipmask, bootf, fs, auth, and ipgw respectively (see ndb(6) and ndb(8)). The attributes come from the entry for the system, its subnet, and its network with the system entry having precedence, subnet next, and network last. Bootp will answer requests only if it has been specifically targeted or if it has read access to the boot file for the requester. The -d option causes debugging to be printed to standard output.
Rarpd performs the Reverse Address Resolution Protocol, translating Ethernet addresses into IP addresses. The options are:
-d   print debugging to standard output
-e   use the Ethernet mounted at /net/etherdev
Tftpd transfers files to systems that are booting. It runs as user none and can only access files with global read permission. The options are:
-d   print debugging to standard output
-h   change directory to homedir. The default is /lib/tftpd. All requests for files with non-rooted file names are served starting at this directory with the exception of files of the form xxxxxxxx.SUNyy. These are Sparc kernel boot files where xxxxxxxx is the hex IP address of the machine requesting the kernel and yy is an architecture identifier. Tftpd looks up the file in the network database using ipinfo (see ndb(2)) and responds with the boot file specified for that particular machine. If no boot file is specified, the transfer fails. Tftpd supports only octet mode.
-r   restricts access to only files rooted in the homedir.
SOURCE
/sys/src/cmd/ip
SEE ALSO
ndb(6)
BOOTP(8)
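The request policy the manual page describes for tftpd (octet mode only, non-rooted names served from homedir, -r confining access to homedir, only globally readable files), written out as an added Python example; this is not the Plan 9 source. The function names and the choice to resolve symlinks before the homedir check are assumptions of this sketch, and the SUN boot-file lookup is left out.

```python
import os
import stat
import struct
import tempfile

RRQ = 1  # TFTP read-request opcode (RFC 1350)


def parse_rrq(packet):
    """Split a TFTP read request into (filename, mode)."""
    if len(packet) < 4 or struct.unpack("!H", packet[:2])[0] != RRQ:
        raise ValueError("not a read request")
    fields = packet[2:].split(b"\0")
    if len(fields) < 3 or not fields[0]:
        raise ValueError("malformed request")
    return fields[0].decode("ascii"), fields[1].decode("ascii").lower()


def resolve(packet, homedir, restrict=True):
    """Return the real path to serve; raise if the policy refuses it."""
    name, mode = parse_rrq(packet)
    if mode != "octet":
        raise ValueError("only octet mode is served")
    home = os.path.realpath(homedir)
    # Non-rooted names start at homedir; realpath folds ".." and symlinks.
    path = os.path.realpath(os.path.join(home, name))
    if restrict and os.path.commonpath([home, path]) != home:
        raise PermissionError("outside homedir: " + name)
    mode_bits = os.stat(path).st_mode
    if not stat.S_ISREG(mode_bits) or not mode_bits & stat.S_IROTH:
        raise PermissionError("not a world-readable file: " + name)
    return path


def demo():
    """Run constructed requests against a temporary homedir."""
    results = {}
    with tempfile.TemporaryDirectory() as home:
        for fname, perm in (("boot.img", 0o644), ("secret.key", 0o600)):
            target = os.path.join(home, fname)
            open(target, "wb").close()
            os.chmod(target, perm)
        for name in ("boot.img", "secret.key", "../../etc/passwd", "/etc/passwd"):
            pkt = struct.pack("!H", RRQ) + name.encode() + b"\0octet\0"
            try:
                resolve(pkt, home)
                results[name] = "served"
            except (ValueError, OSError) as exc:
                results[name] = type(exc).__name__
    return results
```

Calling `demo()` shows which of the constructed requests would be served; `restrict=True` corresponds to running with -r.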