Vonage complains about VoIP-blocking
Michael Hallgren
m.hallgren at free.fr
Tue Feb 15 22:50:36 UTC 2005
>
> On Tue, 15 Feb 2005, Hannigan, Martin wrote:
>
> > > On Tue, 15 Feb 2005, Hannigan, Martin wrote:
> > >
> > > > > Something else to consider. We block TFTP at our border for
> > > > > security reasons and we've found that this prevents Vonage from
> > > > > working.
> >
> > > Vonage devices initiate an outbound TFTP connection back to Vonage
> > > to snarf their configs on initial connection and also
> > > (presumably) on reboot.
> >
> > I tested the reboot. I didn't see it. I agree in general and think
> > that providers shouldn't block tftp, IMHO.
>
> Traditionally, tftp has been used by networks as a
> configuration/boot mechanism of their local equipment, with
> customers rarely using it (at least, that's been my experience).
.
>
> Hence, most people writing the acls are concerned with
> protecting their own equipment, and getting the most out of
> their routers. Having acls that block all tftp except from
> your management IPs is a lot easier than acls that block all
> tftp to your tftpable devices except from your management IPs.
.
>
> Introducing new devices that are intended to trust that big,
> bad, easily spoofable internet using non-secured protocols
> such as tftp in order to get their configuration from a
> non-local server shows a degree of trust not seen since the
> Famous Five, the BabySitters Club and pre '96 O'Reilly books
> on writing internet protocols.
:)
mh
>
> --==--
> Bruce.
>
>
More information about the NANOG mailing list