TFTP
What is a TFTP wrapper? I would like a technical but easy-to-follow description as to how it works.
Please indicate sites where I can get information on installing and downloading a good TFTP wrapper program, for either Linux and/or Unix.
I don't think that there is a dedicated tftp wrapper per se. But there is a piece of software written by Wietse Venema called TCP Wrappers. It functions like a firewall, meaning you can control who can or can't connect to the tftp service running on your machine. It also logs all attempts to connect to your tftp service. The way it works is that it's a small program that gets invoked when people connect to your tftp service. It decides if it will let the person use the tftp service or not based on a list that you create that has in it who can or can't connect. The little program also logs all connections. If you have a need for the tftp service to be active on your system, I highly recommend that you install tcp_wrappers on your machine. It's not only for tftp but also for telnet, ftp, etc. You can find the source code for tcp_wrappers and info about it here:
ftp://ftp.porcupine.org/pub/security/index.html
There are also a few free firewall packages out there which can give you the power to filter tcp, icmp, and udp traffic as well. Here are a few links to them:
IPChains(Mainly for Linux):
http://www.rustcorp.com/linux/ipchains/
IPFilter :
http://coombs.anu.edu.au/~avalon/
Hope that helps.
ASKER
deserna.. Your response was helpful, but I needed a nuts and bolts explanation up-front as to how the wrapper works.
What kind of configuration is needed with the Unix system files / what files are affected, etc.?
1- You'll have to download TCP wrapper from the above link and install it by doing a configure; make; make install after untarring it.
2- Second, you'll have to edit your /etc/inetd.conf and add the following:
tftp dgram udp wait root /usr/sbin/tcpd in.tftpd
3- Edit /etc/hosts.allow and put in the IP address of the hosts you want to have access to your tftp server.
Example:
in.tftpd: hostname1, hostname2, 123.4.4.4
A wrapper is, in short, a program which validates your source address against a list of allowed addresses prior to letting you access the services on one's system. So basically, if you only allow hostA to access your system, HostB cannot connect to it to use the service. It's another layer of security sitting on top of the regular user/password authentication process.
You could also use the same TCP wrapper for other services such as telnet, ftp ... You could consult the manual for more details. It's too long to explain the nuts and bolts here.
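The decision tcpd makes for the inetd.conf and hosts.allow entries above can be modelled as follows. This is an added example, not part of the original answer and not tcp_wrappers code; it covers only a subset of the hosts_access(5) pattern syntax, the hosts.deny content is an assumption, and the client name is assumed to be already resolved.

```python
# Simplified model of the hosts_access(5) check that tcpd performs (added example).
# Subset only: ALL, exact name/address, ".domain" suffix, "net." address prefix.

def parse_rules(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]  # drop optional command field
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, addr, name):
    p = pattern.lower()
    if pattern == "ALL":
        return True
    if p.startswith("."):                  # hostname suffix
        return bool(name) and name.lower().endswith(p)
    if p.endswith("."):                    # address prefix
        return addr.startswith(p)
    return p == addr or (bool(name) and p == name.lower())

def rule_hit(rules, daemon, addr, name):
    # The daemon field is the process name (argv[0]) tcpd starts: in.tftpd here.
    return any(
        any(d in ("ALL", daemon) for d in daemons)
        and any(client_matches(c, addr, name) for c in clients)
        for daemons, clients in rules)

def access_granted(allow_text, deny_text, daemon, addr, name=None):
    """hosts.allow match grants; else hosts.deny match refuses; else grant."""
    if rule_hit(parse_rules(allow_text), daemon, addr, name):
        return True
    return not rule_hit(parse_rules(deny_text), daemon, addr, name)

# Constructed file contents; client names and 123.4.4.4 are from the answer above.
HOSTS_ALLOW = "in.tftpd: hostname1, hostname2, 123.4.4.4\n"
HOSTS_DENY = "ALL: ALL\n"

if __name__ == "__main__":
    for addr, name in [("123.4.4.4", None), ("192.0.2.7", "hostname1"),
                       ("192.0.2.99", None)]:
        ok = access_granted(HOSTS_ALLOW, HOSTS_DENY, "in.tftpd", addr, name)
        print(addr, name or "-", "granted" if ok else "refused")
    # Without a hosts.deny entry the allow list restricts nobody:
    print(access_granted(HOSTS_ALLOW, "", "in.tftpd", "192.0.2.99"))
```

For UDP services registered with wait in inetd.conf, as tftp is here, the tcpd(8) manual notes that only the request that started the daemon will be logged.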
ASKER
Need more information/explanation as to the TCP wrapper .. examples will help..
man tftp
I am running SCO OS5.0.5 and it has the man page.