Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[nynyny2]

Recently had an external security scan done on my DIR 655 and scan results are stating I have an accessible TFTP Server running.   

I've been through all the settings, and even upgraded to the latest firmware. Yet security scans are telling me I've got a TFTP Server running. Why would one be showing on the external interface, and how can I stop it?

[FurryNutz]

What security scans are you running? Are these 3rd party programs or a web site?

Link>What Firmware version is currently loaded? Found on routers web page under status.

[nynyny2]

Hardware Version: B1      Firmware Version: 2.10NA

External vendor (similar to SecurityMetrics, but not them). They're saying PORT 69 TFTP SERVER is running and directory traversal can occur.

[FurryNutz]

What do other sites report? Not all sites report the same and could lead to false positives.

[nynyny2]

Some free web-based services didn't report any ports open. But then I'm not sure how reliable they are.

If there's a device (like Ooma) running a TFTP server, would that cause the router to automatically open port 69 on the router? If yes, how can I tell what device is causing it to listen on port 69?

[FurryNutz]

You might install wireshark on your PC then do a capture and look for anything regarding the OOMA on the IP address it's assigned.

I would try different web sites to see. I trust Gibson Research as one site.

[nynyny2]

GRC reports nothing open, and an external online scanner using NMAP shows nothing as well.

But can you answer this; if a TFTP Server was running internally, does it automatically open port 69? I can't see why it would do this, or how (since it's just listening).

[FurryNutz]

http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol seems to use port 69.

You might run a scan test with and with out any other devices connected to the router to see if you get the same results.