tftp problem

[matt38]

Hello,

One year ago, I setted up a rule which allows tftp between a secureplatform FW-1 and the smartcenter server (win2K). I used it for backup purpose.(manual)
But this week I try to backup my SPLAT and it didn't work anymore!
I see in the logs that packets using high udp port are dropped.
I tried several solution:
- new tftp server: NOK
- allowing high udp port: OK
- reducing size of the backup file: OK

the original tgz file is about 15Mb, and it worked well with a 8Mb file.(only tftp service allowed)
I don't understand why? any idea?

++

[Sergej]

I think this can be related to

Quote:

TFTPD32 Request Error Message Format String Protection: TFTPD32 is a
freeware TFTP server designed for Microsoft Windows operating systems. A
vulnerability has been identified in TFTPD32, specifically in the
processing of Get requests containing a malformed filename. An attacker
capable of sending a specially crafted filename can cause a vulnerable
application to execute code or to crash. The Update enables the HTTP Worm
Catcher to detect and block the vulnerability based on pre-defined worm
signatures. The update applies to users of InterSpect NGX only.
For more information, read CPAI-2006-027 at:
http://www.checkpoint.com/defense/ad...ai-13-Mar.html

Try to disable SmartDefence rule.

[matt38]

smartdefense is already disabled...
Could it be a version issue? Our version is HFA_04 for IPSO 3.8.

[chillyjim]

You should really upgrade but that's not your issue.

You've gone over the size limit of a tftp connection. Time to switch to SCP or clean up your logs.