How To Turn Off TFTP? - Redhat

This is a discussion on How To Turn Off TFTP? - Redhat ; I noticed that I have TFTP running on my system even though I don't want it to. I can do this at command line and I get right on: tftp 127.0.0.1 I have RH9. Can you tell me what I ...

+ Reply to Thread
Results 1 to 12 of 12

Thread: How To Turn Off TFTP?

  1. How To Turn Off TFTP?

    I noticed that I have TFTP running on my system even though I don't
    want it to. I can do this at command line and I get right on:

    tftp 127.0.0.1

    I have RH9. Can you tell me what I can do to stop this? It's just one
    more exploit potential I don't need.

  2. Re: How To Turn Off TFTP?

    googlemike@hotpop.com (Google Mike) writes:
    >I noticed that I have TFTP running on my system even though I don't
    >want it to. I can do this at command line and I get right on:
    >
    >tftp 127.0.0.1
    >
    >I have RH9. Can you tell me what I can do to stop this? It's just one
    >more exploit potential I don't need.


    # chkconfig tftp off

    scott

  3. Re: How To Turn Off TFTP?

    In article , Scott Lurndal
    wrote:
    > googlemike@hotpop.com (Google Mike) writes:
    >>I noticed that I have TFTP running on my system even though I don't
    >>want it to. I can do this at command line and I get right on:
    >>
    >>tftp 127.0.0.1
    >>
    >>I have RH9. Can you tell me what I can do to stop this? It's just one
    >>more exploit potential I don't need.

    >
    > # chkconfig tftp off


    That only prevents it from starting at boot time or run-level change. In
    addition, you need:

    # service tftp stop

    Kevin

  4. Re: How To Turn Off TFTP?

    spamtotrash@toomuchfiction.com (Kevin Collins) writes:
    >In article , Scott Lurndal
    >wrote:
    >> googlemike@hotpop.com (Google Mike) writes:
    >>>I noticed that I have TFTP running on my system even though I don't
    >>>want it to. I can do this at command line and I get right on:
    >>>
    >>>tftp 127.0.0.1
    >>>
    >>>I have RH9. Can you tell me what I can do to stop this? It's just one
    >>>more exploit potential I don't need.

    >>
    >> # chkconfig tftp off

    >
    >That only prevents it from starting at boot time or run-level change. In
    >addition, you need:
    >
    ># service tftp stop


    No. tftp is an xinetd based service. chkconfig signals xinetd to
    re-read the configuration directory and xinetd will no longer listen
    on the tftp port. No reboot necessary.

    service only works with services that are started through scripts
    in /etc/rc.d/init.d, and there ain't no "/etc/rc.d/init.d/tftp".

    scott


  5. Re: How To Turn Off TFTP?

    In article , Scott Lurndal
    wrote:
    > spamtotrash@toomuchfiction.com (Kevin Collins) writes:
    >>In article , Scott Lurndal
    >>wrote:
    >>> googlemike@hotpop.com (Google Mike) writes:
    >>>>I noticed that I have TFTP running on my system even though I don't
    >>>>want it to. I can do this at command line and I get right on:
    >>>>
    >>>>tftp 127.0.0.1
    >>>>
    >>>>I have RH9. Can you tell me what I can do to stop this? It's just one
    >>>>more exploit potential I don't need.
    >>>
    >>> # chkconfig tftp off

    >>
    >>That only prevents it from starting at boot time or run-level change. In
    >>addition, you need:
    >>
    >># service tftp stop

    >
    > No. tftp is an xinetd based service. chkconfig signals xinetd to
    > re-read the configuration directory and xinetd will no longer listen
    > on the tftp port. No reboot necessary.
    >
    > service only works with services that are started through scripts
    > in /etc/rc.d/init.d, and there ain't no "/etc/rc.d/init.d/tftp".


    Sorry, you are correct - must have missed my caffeine fix that day...

    Kevin

  6. Re: How To Turn Off TFTP?

    scott@slp53.sl.home (Scott Lurndal) wrote in message
    > googlemike@hotpop.com (Google Mike) writes:
    > >I noticed that I have TFTP running on my system even though I don't
    > >want it to. I can do this at command line and I get right on:
    > >
    > >tftp 127.0.0.1
    > >
    > >I have RH9. Can you tell me what I can do to stop this? It's just one
    > >more exploit potential I don't need.

    >
    > # chkconfig tftp off
    >
    > scott


    Didn't seem to have an effect after running command and rebooting. I
    can still (on console) do "tftp 127.0.0.1" on RH9 and it responds
    locally.

  7. Re: How To Turn Off TFTP?

    On 22 Jul 2004 19:04:09 -0700, Google Mike wrote:
    >> # chkconfig tftp off

    > Didn't seem to have an effect after running command and rebooting. I
    > can still (on console) do "tftp 127.0.0.1" on RH9 and it responds
    > locally.


    try again with
    chkconfig --del tftp

  8. Re: How To Turn Off TFTP?

    In article , Bit Twister wrote:
    > On 22 Jul 2004 19:04:09 -0700, Google Mike wrote:
    >>> # chkconfig tftp off

    >> Didn't seem to have an effect after running command and rebooting. I
    >> can still (on console) do "tftp 127.0.0.1" on RH9 and it responds
    >> locally.

    >
    > try again with
    > chkconfig --del tftp


    As was already mentioned in response to my previous post, tftpd is run from
    xinetd. Running 'chkconfig --del tftp' will not do as tftpd is not started with
    any rc files that --del would delete.

    That assumes the system is setup in a "standard" fashion. If not, my previous
    suggestion of running 'service tftp stop' (after 'chkconfig tftp off') should
    have fixed the issue.

    Kevin

  9. Re: How To Turn Off TFTP?

    spamtotrash@toomuchfiction.com (Kevin Collins) wrote in message
    > As was already mentioned in response to my previous post, tftpd is run from
    > xinetd. Running 'chkconfig --del tftp' will not do as tftpd is not started with
    > any rc files that --del would delete.
    >
    > That assumes the system is setup in a "standard" fashion. If not, my previous
    > suggestion of running 'service tftp stop' (after 'chkconfig tftp off') should
    > have fixed the issue.
    >
    > Kevin


    "service tftp stop" doesn't seem to work for me either on RH9,
    unfortunately.

    Perhaps I could just do:

    su
    mv /etc/xinetd.d/tftp ../.

    ....I'll test and let you know what happens. BTW, tftp leaves an open
    port 69, although my local iptables firewall blocks that, but I still
    want to shut that down.

  10. Re: How To Turn Off TFTP?

    On 25 Jul 2004 00:01:30 -0700, googlemike@hotpop.com (Google Mike)
    wrote:

    >spamtotrash@toomuchfiction.com (Kevin Collins) wrote in message
    >> As was already mentioned in response to my previous post, tftpd is run from
    >> xinetd. Running 'chkconfig --del tftp' will not do as tftpd is not started with
    >> any rc files that --del would delete.
    >>
    >> That assumes the system is setup in a "standard" fashion. If not, my previous
    >> suggestion of running 'service tftp stop' (after 'chkconfig tftp off') should
    >> have fixed the issue.
    >>
    >> Kevin

    >
    >"service tftp stop" doesn't seem to work for me either on RH9,
    >unfortunately.
    >
    >Perhaps I could just do:
    >
    >su
    >mv /etc/xinetd.d/tftp ../.
    >
    >...I'll test and let you know what happens. BTW, tftp leaves an open
    >port 69, although my local iptables firewall blocks that, but I still
    >want to shut that down.


    Don't Move it, edit it. There should be a line DISABLED=no in it.
    Change it to DISABLED=yes

    grep for DISABLED in other things to get the syntax right. I don't
    have an RH9 box in front of me right now.


    ANyway, do that and then kill -HUP the pid for xinetd. You should
    also chmod 000 the tftpd command itself for added protection.

    Check the /etc/services file and comment out port 69 if it's there.
    --
    gburnore@databasix dot com
    ---------------------------------------------------------------------------
    How you look depends on where you go.
    ---------------------------------------------------------------------------
    Gary L. Burnore | ۳ݳ޳ݳۺݳ޳ݳݳ޳ݳ۳
    | ۳ݳ޳ݳۺݳ޳ݳݳ޳ݳ۳
    DataBasix | ۳ݳ޳ݳۺݳ޳ݳݳ޳ݳ۳
    | ۳ 3 4 1 4 2 ݳ޳ 6 9 0 6 9 ۳
    Black Helicopter Repair Svcs Division | Official Proof of Purchase
    ================================================== =========================
    Want one? GET one! http://signup.databasix.com
    ================================================== =========================

  11. Re: How To Turn Off TFTP?

    googlemike@hotpop.com (Google Mike) wrote in message news:<25d8d6a8.0407242224.264501d3@posting.google.com>...
    > spamtotrash@toomuchfiction.com (Kevin Collins) wrote in message
    > > As was already mentioned in response to my previous post, tftpd is run from
    > > xinetd. Running 'chkconfig --del tftp' will not do as tftpd is not started with
    > > any rc files that --del would delete.
    > >
    > > That assumes the system is setup in a "standard" fashion. If not, my previous
    > > suggestion of running 'service tftp stop' (after 'chkconfig tftp off') should
    > > have fixed the issue.
    > >
    > > Kevin

    >
    > "service tftp stop" doesn't seem to work for me either on RH9,
    > unfortunately.
    >
    > Perhaps I could just do:
    >
    > su
    > mv /etc/xinetd.d/tftp ../.
    >
    > ...I'll test and let you know what happens. BTW, tftp leaves an open
    > port 69, although my local iptables firewall blocks that, but I still
    > want to shut that down.


    Interesting. I read the xinetd manual page (man xinetd) to understand
    a little about why it exists and how it loads stuff. I thought by
    moving the tftp configuration file out of /etc/xinetd.d and into /etc
    might prevent it from loading, but I was wrong. The thing appears not
    able to be killed and anyone can still do:

    tftp 127.0.0.1

    ....locally on RH9 (perhaps other Linuxes as well) and still get
    connected, according to the tftp program. However, what's interesting
    is that I cannot do:

    telnet 127.0.0.1 69

    ....because it fails to see that port. And if I do:

    cd /etc/init.d
    ../iptables stop

    ....to stop the firewall temporarily, this thing lives, and if I do:

    cd /etc/init.d
    ../xinetd stop

    ....this thing still lives too. It even lets me do "get /etc/hosts" and
    it will drop the hosts file wherever you are at command-line, although
    for some reason this hosts file is empty, unlike my real one, which
    has entries.

    I'm beginning to think that the problem is really in the RH9 tftp
    client application, which, instead of erroring out when it cannot
    reach a host, it is giving the impression that one is connected and
    returns an incorrect status when you type:

    status

    ....instead the tftp command state.

    I guess what I have learned here is:

    * The tftp program may have a bug and may return a false status of
    connection when none exists.

    * xinetd does load tftp but has to be told to run it.

    * If you move the tftp file out of /etc/xinetd.d, then it cannot load
    it properly, but xinetd.conf needs to be told to run it in the first
    place. RH9 has this Services Control Panel that abstracts one from
    having to do this at command-line, and it shows me that tftp is not
    loaded.

    * If tftp is not checked in RH9 Services Control Panel to be loaded,
    then it is more than likely not loaded and you don't have an open port
    (69). Instead, you have a buggy tftp application.

  12. Re: How To Turn Off TFTP?

    In article <25d8d6a8.0407250509.2630d9d7@posting.google.com>, Google Mike wrote:
    > googlemike@hotpop.com (Google Mike) wrote in message news:<25d8d6a8.0407242224.264501d3@posting.google.com>...
    >> spamtotrash@toomuchfiction.com (Kevin Collins) wrote in message
    >> > As was already mentioned in response to my previous post, tftpd is run from
    >> > xinetd. Running 'chkconfig --del tftp' will not do as tftpd is not started with
    >> > any rc files that --del would delete.
    >> >
    >> > That assumes the system is setup in a "standard" fashion. If not, my previous
    >> > suggestion of running 'service tftp stop' (after 'chkconfig tftp off') should
    >> > have fixed the issue.
    >> >
    >> > Kevin

    >>
    >> "service tftp stop" doesn't seem to work for me either on RH9,
    >> unfortunately.
    >>
    >> Perhaps I could just do:
    >>
    >> su
    >> mv /etc/xinetd.d/tftp ../.
    >>
    >> ...I'll test and let you know what happens. BTW, tftp leaves an open
    >> port 69, although my local iptables firewall blocks that, but I still
    >> want to shut that down.

    >
    > Interesting. I read the xinetd manual page (man xinetd) to understand
    > a little about why it exists and how it loads stuff. I thought by
    > moving the tftp configuration file out of /etc/xinetd.d and into /etc
    > might prevent it from loading, but I was wrong. The thing appears not
    > able to be killed and anyone can still do:
    >
    > tftp 127.0.0.1
    >
    > ...locally on RH9 (perhaps other Linuxes as well) and still get
    > connected, according to the tftp program. However, what's interesting
    > is that I cannot do:


    This appears to be a "normal" tftp client behavior. I suspect it does not
    connect until you try to actually put or get a file. I verified the same
    behavior on RH9 and HP-UX 11.11...

    > telnet 127.0.0.1 69
    >
    > ...because it fails to see that port. And if I do:
    >
    > cd /etc/init.d
    > ./iptables stop


    Its faster and easier on RedHat to use the 'service' command:

    # service iptables stop

    > ...to stop the firewall temporarily, this thing lives, and if I do:
    >
    > cd /etc/init.d
    > ./xinetd stop
    >
    > ...this thing still lives too. It even lets me do "get /etc/hosts" and
    > it will drop the hosts file wherever you are at command-line, although
    > for some reason this hosts file is empty, unlike my real one, which
    > has entries.


    This also appears standard behavior. You have to understand that tftp is not
    ftp...

    Try this:

    # lsof -i TCP:69

    If you get nothing back, nothing is listening, meaning the service is NOT
    running.

    > I'm beginning to think that the problem is really in the RH9 tftp
    > client application, which, instead of erroring out when it cannot
    > reach a host, it is giving the impression that one is connected and
    > returns an incorrect status when you type:
    >
    > status


    Again, seems standard...

    > ...instead the tftp command state.
    >
    > I guess what I have learned here is:
    >
    > * The tftp program may have a bug and may return a false status of
    > connection when none exists.
    >
    > * xinetd does load tftp but has to be told to run it.


    True.

    > * If you move the tftp file out of /etc/xinetd.d, then it cannot load
    > it properly, but xinetd.conf needs to be told to run it in the first
    > place. RH9 has this Services Control Panel that abstracts one from
    > having to do this at command-line, and it shows me that tftp is not
    > loaded.
    >
    > * If tftp is not checked in RH9 Services Control Panel to be loaded,
    > then it is more than likely not loaded and you don't have an open port
    > (69). Instead, you have a buggy tftp application.


    Kevin

+ Reply to Thread