Solved

TFTP

Posted on 2000-03-29
6
572 Views
Last Modified: 2010-04-21
What is a TFTP wrapper.  I will like a technical but easy to follow description as to how it works.

Please indicate sites where I can get information installing and downloading a good TFTP wrapper program.  For Either Linux and/or Unix.
0
Comment
Question by:problem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 4

Expert Comment

by:Gtrist
ID: 2667259
Try the following:
man tftp
I am running SCO OS5.0.5 and it has the man page.
0
 
LVL 1

Expert Comment

by:dserna
ID: 2667380
I don't think that there is a dedicated tftp wrapper per se. But, there is a piece of software written by Wietse Venema called TCP Wrappers. They function like a firewall, meaning you can control who can or can't connect to your tftp service running on your machine. It also logs all attempts to connect to you tftp service. The way it works is that it's a small program that gets invoked when people connect to your tftp service. It decides if it will let the person use the tftp service or not based on a list that you create that has in it who can or can't connect. The little program also logs all connections. If you have a need for the tftp service to be active on your system, I highly recommend that you install tcp_wrappers on your machine. It's not only for tftp but also for telnet, ftp, etc. You can find the source code for tcp_wrappers and info about it here:

ftp://ftp.porcupine.org/pub/security/index.html

There are also a few free firewall packages out there which can give you the power to filter tcp.icmp,udp traffic as well. Here are a few links to them:

IPChains(Mainly for Linux):
http://www.rustcorp.com/linux/ipchains/

IPFilter :

http://coombs.anu.edu.au/~avalon/

Hope that helps.



0
 

Author Comment

by:problem
ID: 2669935
deserna.. Your response was helpful, but I needed a nuts and bolts explanation up-front as to how the wrapper works.

What kind of configuration is need with the Unix System Files/ what files re affected. etc. etc.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:n0thing
ID: 2671509
1- You'll have to download TCP wrapper from the above link and install it by doing a configure;make;make install; after untaring it.
2- Second you'll have to edit your /etc/inetd.conf and
add the following:
tftp      dgram      udp      wait      root      /usr/sbin/tcpd      in.tftpd
3- Edit /etc/hosts.allow and put in the IP address of the hosts you want to have access to your tftp server.
Example:
tftp:hostname1,hostname2,123.4.4.4

A wrapper is in short a program which does the validation  your source address against a list of allowed addresses prior to letting you access the services on ones system. So basicly, if you only hostA to access your system, HostB cannot connect to it to use the service. It's another layer of security sitting on top of the regular user/password authentication process.
You could also use the same TCP wrapper for other services such as telnet, ftp ... You could consult the manual for more details. It's too long to explain the nuts&bolts here.


0
 

Author Comment

by:problem
ID: 2684662
Need more information/explanation as to the TCP wrapper .. examples will help..
0
 
LVL 2

Accepted Solution

by:
festive earned 250 total points
ID: 2685744
The TCP WRAPPER program as suggested above is a program that you use to replace your existing service handler for a particular service.

Some examples of these are in.tfptd, in.telnetd, in.rlogind.

The way it works is by masquerading as the service that you replace and using two configuration files (hosts.allow and hosts.deny) to regulate who can connect to the service.

A typical example of this use (which can be implemented on some/most of the services in your inetd.conf file is to "WRAP" a service like tftp (as discussed above).

The impact that this will have (after you configure your /etc/hosts.allow and /etc/hosts.deny is to restrict access to those services (ie the ones that you have configured) to only IP addresses/hosts mentioned in the /etc/hosts.allow file.

I believe that the line mentioned (for the hosts.allow file should read "in.tftpd:<ipaddress>,<orhostname>"
(note the in.tftpd).
0

Featured Post

Secure Your Active Directory - April 20, 2017

Active Directory plays a critical role in your company’s IT infrastructure and keeping it secure in today’s hacker-infested world is a must.
Microsoft published 300+ pages of guidance, but who has the time, money, and resources to implement? Register now to find an easier way.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OpenLDAP Proxy to Active Directy 6 452
Correct syntax to upload file in a script using sftp 2 97
MarkLogic 1 99
how to send mail in unix 2 16
Let's say you need to move the data of a file system from one partition to another. This generally involves dismounting the file system, backing it up to tapes, and restoring it to a new partition. You may also copy the file system from one place to…
Introduction Regular patching is part of a system administrator's tasks. However, many patches require that the system be in single-user mode before they can be installed. A cluster patch in particular can take quite a while to apply if the machine…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question