04-01-2010 03:58 AM
Please look into the issue below:
The remote host has a TFTP server installed that is serving one or more sensitive HP Ignite-UX files.
These files potentially include sensitive information about the hardware and software configuration of the HPUX host, so should not be exposed to unnecessary scrutiny.
Solution :
If it is not required, disable or uninstall the TFTP server. Otherwise restrict access to trusted sources only.
Please help me how to restrict access to trusted resources only.
04-01-2010 04:10 AM
Re: TFTP servers restrict access to trusted sources only.
http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
Because tftp has virtually no authentication, disabling tftp in /etc/inetd.conf is your only choice. That's one of the reasons that the name is "trivial". It is simply not a secure protocol and should never be routed into non-secure networks.
Bill Hassell, sysadmin
04-01-2010 04:11 AM
If so, it's started by the HP-UX inetd, and therefore restrictable by the optional /var/adm/inetd.sec file. If the file does not exist, you can create it.
See "man inetd.sec" for more information.
For example, if you want to restrict it to networks 192.168.66.* and 10.1.*.* only, you might write a line like this to /var/adm/inetd.sec:
tftp allow 192.168.66.* 10.1.*
MK
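How the inetd.sec line suggested in the post above would evaluate for a few client addresses, as an added example that is not part of the original post or of HP-UX itself. The matching rules are assumptions taken from the general description in inetd.sec(4): an unlisted service is unrestricted, the last line for a service wins, `*` matches any octet, `a-b` is an inclusive range, and missing trailing octets match anything; host and network names are not resolved here.

```python
# Added example: evaluate an inetd.sec-style allow/deny line for one service.
# The matching semantics below are assumptions (see the lead-in), and the
# function names are hypothetical helpers, not an HP-UX interface.

SAMPLE_INETD_SEC = """\
# constructed sample; the tftp line is the one suggested in the post above
login allow 10.3-5 192.168.66.10
tftp allow 192.168.66.* 10.1.*
"""

def _octet_matches(pattern, octet):
    """Match one dotted field: '*', an inclusive 'a-b' range, or a number."""
    if pattern == "*":
        return True
    if "-" in pattern:
        low, high = pattern.split("-", 1)
        return low.isdigit() and high.isdigit() and int(low) <= octet <= int(high)
    return pattern.isdigit() and int(pattern) == octet

def address_matches(pattern, client_ip):
    """True if a dotted IPv4 client address matches one inetd.sec address pattern."""
    fields = pattern.split(".")
    parts = client_ip.split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        return False
    if not 1 <= len(fields) <= 4:
        return False
    # zip() stops at the shorter pattern, so missing trailing octets match anything
    return all(_octet_matches(f, int(o)) for f, o in zip(fields, parts))

def find_rule(conf_text, service):
    """Return (mode, patterns) from the last line naming the service, or None."""
    rule = None
    for raw in conf_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) >= 2 and tokens[0] == service and tokens[1] in ("allow", "deny"):
            rule = (tokens[1], tokens[2:])
    return rule

def is_allowed(conf_text, service, client_ip):
    rule = find_rule(conf_text, service)
    if rule is None:
        return True  # service not listed: no restriction applies
    mode, patterns = rule
    hit = any(address_matches(p, client_ip) for p in patterns)
    return hit if mode == "allow" else not hit

if __name__ == "__main__":
    for ip in ("192.168.66.20", "10.1.7.9", "10.2.0.1", "172.16.0.5"):
        print(ip, "allowed" if is_allowed(SAMPLE_INETD_SEC, "tftp", ip) else "denied")
```

Running the same addresses through the real file before reloading inetd shows which scanner or client hosts the new line would lock out.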
04-01-2010 05:19 AM
Re: TFTP servers restrict access to trusted sources only.
Please let me know what needs to be restarted after adding entries to the inetd.sec file,
and how to check the TFTP access restriction.
Regards,
Panneer.
04-01-2010 05:37 AM
Re: TFTP servers restrict access to trusted sources only.
a) inetd.sec is / has been obsolete for two decades.
b) if you continue to use it, then you must restart the inetd daemon after any changes. To restart:
# inetd -c
c) tcp_wrappers has been used as a replacement to inetd.sec
http://www.linuxfromscratch.org/blfs/view/stable/basicnet/tcpwrappers.html
d) The default Ignite Servers setup is to work in only one subnet, as it is very easy to secure an internal subnet through the routers and gateways.
e) I don't see your concern for anonymous pulling igniting from your own servers in your own datacenter on your own internal subnets.
f) To enhance igniting over two subnets, additional O/S patching and router enhancements called "Boot Helper" are required; see page 80 of the document below, and also check with the router manufacturer for compatibility.
http://docs.hp.com/en/B2355-90970/apcs01.html
g) There is an Ignite registration procedure from the server that may or may not be enough security for you; see page 45 of the above. I've used this procedure to push Ignite out to clients; however, I think you are more interested in anonymous pulling clients, and I don't know if this client registration is enough. When I've used it, the Ignite server will automatically detect any new client within the current subnet only. And I'm not sure if auto-detection of new clients works with Boot Helper.
04-01-2010 05:41 AM
Re: TFTP servers restrict access to trusted sources only.
telnet server 69
Connected? ( y/n )
tftp 69/tcp Trivial File Transfer
tftp 69/udp Trivial File Transfer
04-01-2010 05:23 PM
Re: TFTP servers restrict access to trusted sources only.
04-04-2010 12:03 AM
Re: TFTP servers restrict access to trusted sources only.
I have one more issue; please look into the issue below:
SSL Version 2 (v2) Protocol Detection
Synopsis :
The remote service encrypts traffic using a protocol with known weaknesses.
Description :
The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man-in-the-middle attacks or decrypt communications between the affected service and clients.
Solution :
Consult the application's documentation to disable SSL 2.0 and use SSL 3.0 or TLS 1.0 instead.
04-05-2010 05:14 AM
Re: TFTP servers restrict access to trusted sources only.
03-24-2021 03:40 AM
Re: TFTP servers restrict access to trusted sources only.
Good morning,
Could someone please confirm whether the solution on this post above is still the recommended way to implement the fix for "restricting access to trusted sources only" for the vulnerability below (which is being reported against one of our servers)?
Plug-in: 19508 HP Ignite-UX TFTP File Access Information Disclosure "The remote TFTP daemon is serving potentially sensitive content" solution: disable the TFTP service or restrict access to trusted sources only