Vonage complains about VoIP-blocking

Michael Hallgren m.hallgren at free.fr
Tue Feb 15 22:50:36 UTC 2005


> 
> On Tue, 15 Feb 2005, Hannigan, Martin wrote:
> 
> > > On Tue, 15 Feb 2005, Hannigan, Martin wrote:
> > >
> > > > > Something else to consider.  We block TFTP at our border for
> > > > > security reasons and we've found that this prevents Vonage from
> > > > > working.
> >
> > > Vonage devices initiate an outbound TFTP connection back to Vonage
> > > to snarf their configs on initial connection and also
> > > (presumably) on reboot.
> >
> > I tested the reboot. I didn't see it. I agree in general and think 
> > that providers shouldn't block tftp, IMHO.
> 
> Traditionally, tftp has been used by networks as a 
> configuration/boot mechanism of their local equipment, with 
> customers rarely using it (at least, that's been my experience).
.

> 
> Hence, most people writing the acls are concerned with 
> protecting their own equipment, and getting the most out of 
> their routers.  Having acls that block all tftp except from 
> your management IPs is a lot easier than acls that block all 
> tftp to your tftpable devices except from your management IPs.


.


> 
> Introducing new devices that are intended to trust that big, 
> bad, easily spoofable internet using non-secured protocols 
> such as tftp in order to get their configuration from a 
> non-local server shows a degree of trust not seen since the 
> Famous Five, the BabySitters Club and pre '96 O'Reilly books 
> on writing internet protocols.

:)

mh

> 
> --==--
> Bruce.
> 
> 
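
The two ACL policies compared in the quoted message, as an added example that is not part of the original thread: a small first-match evaluator run over constructed flows, showing why the blanket rule also drops a customer device's outbound TFTP request. All addresses, the rule layout and the function names are assumptions for illustration; only the initial request to UDP port 69 is modelled.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses from the RFC 5737 documentation ranges, not from the thread.
MGMT = ip_network("192.0.2.0/28")       # assumed management hosts
INFRA = ip_network("198.51.100.0/27")   # assumed TFTP-able routers and switches
ANY = ip_network("0.0.0.0/0")
TFTP = 69                               # UDP port of the initial TFTP request

# Rule: (action, source network, destination network, UDP dst port or None for any)
BLANKET = [  # "block all tftp except from your management IPs"
    ("permit", MGMT, ANY, TFTP),
    ("deny", ANY, ANY, TFTP),
    ("permit", ANY, ANY, None),
]
SCOPED = [   # "block all tftp to your tftpable devices except from your management IPs"
    ("permit", MGMT, INFRA, TFTP),      # INFRA must be kept current: the extra upkeep
    ("deny", ANY, INFRA, TFTP),
    ("permit", ANY, ANY, None),
]

# Constructed sample flows: (label, source, destination, UDP destination port)
FLOWS = [
    ("mgmt host -> router", "192.0.2.5", "198.51.100.1", TFTP),
    ("outside host -> router", "203.0.113.99", "198.51.100.1", TFTP),
    ("customer ATA -> remote config server", "203.0.113.40", "198.51.100.200", TFTP),
]

def evaluate(acl, src, dst, dport):
    """Return the action of the first matching rule; implicit deny if none match."""
    s, d = ip_address(src), ip_address(dst)
    for action, src_net, dst_net, port in acl:
        if s in src_net and d in dst_net and port in (None, dport):
            return action
    return "deny"

def compare(flows=FLOWS):
    """Map each flow label to its (blanket, scoped) verdicts."""
    return {label: (evaluate(BLANKET, s, d, p), evaluate(SCOPED, s, d, p))
            for label, s, d, p in flows}

if __name__ == "__main__":
    for label, (blanket, scoped) in compare().items():
        print(f"{label:40} blanket={blanket:6} scoped={scoped}")
```

Both policies protect the routers identically; they differ only on the customer flow, which the blanket ACL denies and the scoped ACL permits.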





