"authenticated tftp"

Maxim Konovalov maxim at macomnet.ru
Fri Jul 25 10:53:49 PDT 2003

On Fri, 25 Jul 2003, 13:22-0400, Robert Watson wrote:

> Yeah, seems like an oxy-moron, but this is a legitimate question, I
> promise.  My linksys wireless router requires me to disable the admin
> password on it to tftp a firmware update to it--however, the Windows tftp
> client that Linksys ships appear to support some form of "Oh yeah, and
> here's a password".  It probably really doesn't make a difference
> security-wise, but it would be a lot more convenient to update wireless
> routers if our tftp client spoke whatever extension they use to carry the
> password.  Does anyone know anything about that protocol extension, or if
> there are existing tweaks to add it to our tftp?  (I saw nothing in the
> man page).  If there's a pointer to the on-the-write bits, I can always
> stick it in myself, but I have yet to find one.

There are several tftp extension that NetBSD folk integrated to their
tftpd/tftp recently.  IIRC they were

2347 TFTP Option Extension. G. Malkin, A. Harkin. May 1998. (Format:
2348 TFTP Blocksize Option. G. Malkin, A. Harkin. May 1998. (Format:
2349 TFTP Timeout Interval and Transfer Size Options. G. Malkin, A.

I know nothing about auth extension yet but the protocol is quite
simple (trivial :-)) and if you get a dump of udp session between the
router and windows tftp client it would be easy incorporate this one.

Maxim Konovalov, maxim at macomnet.ru, maxim at FreeBSD.org

More information about the freebsd-current mailing list