On Tue, 15 Feb 2005, Rob Thomas wrote: > > Hi, Dan. > > ] Why block TFTP at your borders? To keep people from loading new versions of > ] IOS on your routers? ;) > > Funny you should mention that. :) We have seen miscreants do exactly > that. They will upgrade or downgrade routers to support a feature set > of their choosing. > > A lot of malware uses TFTP to update itself as well.
Didn't nachi setup a tftpd on infected systems and then use tftp to load itself onto systems it spread to? ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________