atangel
Now What??
Premium
join:2002-02-18
Bronx, NY | Duh
Just goes to prove that ISP Port blocking is a useless and stupid process. I mean, eventually, they'll have to block all the ports. Though everything would then be secure, wouldn't it? |
|
Dennis
Premium,Mod
join:2001-01-26
Algonquin, IL | wtf mate
Port 69 is already in use for TFTP...why the hell would they start using it for VOIP? |
|
krobar
Is this thing on?
join:2002-09-15
Columbus, OH | uhm
I thought I remembered this being posted in the morning newsbytes this morning.
--
Power corrupts. Absolute power is kinda neat. |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
 ·North State Commun..
| reply to Dennis
Re: wtf mate
said by Dennis  :
Port 69 is already in use for TFTP...why the hell would they start using it for VOIP?
Exactly my thoughts, does no one respect the RFCs anymore?
Ugh.
I'm glad this bit them in the ass. 
--
TripOnThis.net Administrator
"Security by obscurity is no security at all. Don't believe the hype." (c) MntlCase |
|
nxtw
join:2003-06-25
Akron, OH | why?
Why is AT&T using port 69 to begin with? Just because someone thought it was a "cool" number? |
|
Drunken_Monk
join:2003-01-28
Beverly Hills, CA | Couldnt think of a Catchy Title
I think its a cool number...  |
|
ropeguru
Premium
join:2001-01-25
Bridgeport, WV
clubs: | reply to Matt
Re: wtf mate
In the words of most of today's network newbies and MS trained people, "RFC? What the hell is an RFC?" |
|
sipuramktg
join:2003-10-03
San Jose, CA
1 edit | reply to Dennis
TFTP (port 69) is used to provision and provide firmware upgrades to the VoIP endpoint (analog phone adapter). TFTP is giving way to HTTP and HTTPS as the preferred method (by service providers) to manage VoIP end points. These protocols tend to work much better when a home or office network is supporting the VoIP endpoint connected to the LAN. CNET readers would have been better served if this information was included. |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| reply to ropeguru
said by ropeguru :
In the words of most of today's network newbies and MS trained people, "RFC? What the hell is an RFC?"
Hrmmm, I guess I would be an "MS trained" person, yet I know what an RFC is.
Matter of fact, that is a core subject of MS training.
What RFCs has MS broken?
--
TripOnThis.net Administrator
"Security by obscurity is no security at all. Don't believe the hype." (c) MntlCase |
|
rchandra
Stargate S G-1 And Atlantis Fan
Premium
join:2000-11-09
14225-2105
clubs:
| reply to sipuramktg
Also some network devices (cablemodems perhaps?) TFTP their configuration files from a server. Usually that would be the device using a dst UDP port of 69 (and something else for the src, meaning the dst UDP port for the server->dev traffic), but still...UDP port 69??? jeesh. What a screwup, AT&T.
--
English is a difficult enough language to interpret correctly when its rules are followed, let alone when a writer chooses not to follow those rules. Blog is here
Jeopardy! replies REALLY suck! |
|
jdmatl
join:2000-04-27
Deerfield Beach, FL
|  Somebody Will Get a promotion
The idiot that told the project team to use port 69 will get a raise and probably get promoted to Vice-President of "something".
I am sure those on the project team who said udp 69 is a RFC standard are getting pink slips as we speak.
Isn't AT&T trying to "prove" to the business world they know "networking" and internet infrastructure?
Good job guys, how about for the next project try using this unknown port, tcp 21. Better yet lets use this port tcp 443 that nobody uses, cause it is really high up in the numbers. |
|
DA
join:2002-04-13
Greenville, SC | You miss the point, like the poster above says they aren't using the port for anything unusual they are using TFTP to transfer config's and upgrade's. This is normal and ATT did nothing wrong by using it in this way. |
|
Jeremy341
Bye
Premium
join:2000-01-06
localhost
| reply to nxtw
Re: why?
said by nxtw :
Why is AT&T using port 69 to begin with?
Because that's the port you use for TFTP, which is what they're using it for... |
|
slasherx
join:2004-04-06
1 edit | reply to Matt
Re: wtf mate
That's because port 69 is used for tftp purposes on the CallVantage service. Read up more instead of blowing smoke. |
|
pinoy76
join:2003-11-08
Twentynine Palms, CA | reply to sipuramktg
I just spoke with a Vonage tech and was told that Vonage has a workaround for this issue. I just had my firmware upgraded, even though I use Adelphia Powerlink (one of the ISPs blocking port 69).
pinoy7 |
|
Matt
Take me down to the paradise city
Premium
join:2003-07-20
Jamestown, NC
·North State Commun..
| reply to slasherx
said by slasherx :
That's because port 69 is used for tftp purposes on the Vonage service. Read up more instead of blowing smoke.
I know port 69, UDP, is used for TFTP.
I am just questioning the usage of that port by a provider who SHOULD know it could be used for nefarious purposes.
Any VoIP provider should use an unregistered port for their "updates" until they feel they are established enough to register their own port.
Unless of course they own the network and can block the port, yet update firmware all the same.
It all goes back to the fact that you get what you pay for.
--
TripOnThis.net Administrator
"Security by obscurity is no security at all. Don't believe the hype." (c) MntlCase |
|
Prototype5
join:2003-09-24 | reply to DA
Re: Somebody Will Get a promotion
The CNET coverage is titled "Some VoIP calls being blocked"
If they are using TFTP only for firmware upgrades then why the disruption of service? |
|
Nightshade
sic semper tyrannis
Premium
join:2002-05-26
Salem, OR
| reply to atangel
Re: Duh
Yup, however I got one better on ya that would be more secure though and that is physically severing your computer's connection to the internet. Yank that phone line and cut that coax and only then will you be totally, utterly secure from the nasty threat that is the internet to your PC.
Just goes to show you can't never, ever be sure when it comes to securing and locking down your machine as best as possible.
Okay now that I am out of paranoid, sarcastic mode I do have a serious question.
Just how many ports are there?
--
Never Underestimate the Power of Human Stupidy |
|
Nightshade
sic semper tyrannis
Premium
join:2002-05-26
Salem, OR
| reply to Matt
Re: wtf mate
Hmmm...what the hell is an RFC?
It a computer acronym (gee, bet you didn't see that coming) that stands for Remote Function Call. It basically defines what the purpose is given to a port or range of ports. When you break an RFC you are plugging into a port that is not being used for its purpose.
and what RFCs has MS broken. Well, honestly....I have no clue how many because the Net+ Certified and the certification exam core test didn't have it.
But honestly, I would love to know how many just to get a good laugh.
--
Never Underestimate the Power of Human Stupidy |
|
slasherx
join:2004-04-06 | RFC stands for Requests For Comments. |
|
