Vonage complains about VoIP-blocking

Eric Gauthier eric at roxanne.org
Wed Feb 16 03:50:39 UTC 2005


> Why block TFTP at your borders? To keep people from loading new versions of
> IOS on your routers? ;)
> 
> Not trying to be flippant, but what's the basis for this?

This is a really good question :)

In our particular case, it was not to protect the network as others suggested.
We do ACL our equipment, keep updated code, use private IPs where necessary,
etc.  We're a University network, but we're not completely insane ;)  Of course
we don't let random hosts TFTP to our gear...

A while ago (18 months maybe?) our security team argued that filtering 
TFTP connections between subnets on our campus would slow down the spread of
computer worms/viruses as many were using TFTP as part of their propagation
vector.  The decision was made that the trade-off between the end-to-end
principle (we didn't have a good counter at the time citing a particular
application that was used and would break) and helping contain virus outbreaks 
was worth filtering, so the filter was put into place.  No one has complained
yet, so the filter has stayed in place.

Eric :)


