Jun 1, 2016 - A weaponized version of the TFTP attack script began circulating. TFTP is normally only LAN-accessible and listens on UDP port 69 by default. TFTP over a firewall: how to get it working. To request a file, the client sends a TFTP RRQ packet from a random UDP port to UDP port 69 on the TFTP server. Since the packet is sent from the more protected network to the less protected one, the firewall passes it to the TFTP server. While the file is being transmitted, the firewall adds to the table of.
I have a business customer who is using a DLink DIR-825 router. Due to the nature of their transaction, the customer needs to be PCI compliant, and is using Security Metrics (securitymetrics.com) to scan their internet port for vulnerabilities.

Description: TFTP Traversal Arbitrary File Access
Synopsis: The remote TFTP server can be used to read arbitrary files on the remote host
Impact: The TFTP (Trivial File Transfer Protocol) server running on the remote host is vulnerable to a directory traversal attack that allows an attacker to read arbitrary files on the remote host by prepending their names with directory traversal sequences.
Resolution: Disable the remote TFTP daemon, run it in a chrooted environment, or filter incoming traffic to this port.
Risk Factor: High/ CVSS2 Base Score: 10.0
The router has the latest version of firmware/hardware. Last night I went into the advanced settings for the DLink router, clicked on Virtual Server, selected port 69 and UDP, and set Schedule = Never and Inbound Filter = Deny All.
Yet, the security scan has failed.
I am not sure what else I should change/configure on this router in order to disable the TFTP process. It is certainly not needed, so it can be terminated at any time.
Any ideas and assistance would be very much appreciated. Thank you.