disable the tftp service on the firewalls?

iaminit · ‎05-09-2008

Is it possible to completely disable the TFTP service that runs on the netscreen firewalls? We have a security compliance software application that runs against the firewalls, and always reports a vulnerability finding with TFTP service running. Curious as to whether it can be disabled or shut off altogether?

firewall72 · ‎05-04-2008

Hi,

Juniper Firewalls don't typically run a TFTP service. I'm guessing you either have a MIP redirecting TFTP to another box running this service or maybe the wrong protocol is being reported. Are you sure it wasn't "Telnet" that is being reported? This provides management access, but doesn't encrypt the username and password. This is why SSH is recommended instead. You can remove this by Editing the Interface being audited and unchecking "telnet". I hope this helps.

-John

John Judge
JNCIS-SEC, JNCIS-ENT, JNCIA-IDP, JNCIA-JUNOS

If this solves your problem, please mark this post as "Accepted Solution". Kudos are appreciated.

shashlik · ‎02-20-2008

Juniper firewalls only have TFTP client built-in. No TFTP server.

Do you know how it's being determined that TFTP server is open?

Regards,

iaminit · ‎05-09-2008

The infosec dept has some type of ISS scanner that sweeps/scans the firewall itself, and this is what is came back with. It scanned other SSG's of the same model and code, so I'm curious as to why it flagged TFTP as being a vulberable service on this box.

shashlik · ‎02-20-2008

what platform and screenOS ver showed this issue?

Thanks,

disable the tftp service on the firewalls?

Re: disable the tftp service on the firewalls?

Re: disable the tftp service on the firewalls?

Re: disable the tftp service on the firewalls?

Re: disable the tftp service on the firewalls?