• Welcome to Tux Reports: Where Penguins Fly. We hope you find the topics varied, interesting, and worthy of your time. Please become a member and join in the discussions.

Access violation error

A

antares

Flightless Bird
Standard TFTP client, command-line interface, when I tried to download file
from server, got Access violation error:


C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin

Transfering file abcc.bin from server in octet mode...
Error occurred during the file transfer (Error code = 2):
Access violation
-------
How to overcome the issue and download file?
 
P

Paul

Flightless Bird
antares wrote:
> Standard TFTP client, command-line interface, when I tried to download
> file from server, got Access violation error:
>
>
> C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin
>
> Transfering file abcc.bin from server in octet mode...
> Error occurred during the file transfer (Error code = 2):
> Access violation
> -------
> How to overcome the issue and download file?

First, study the protocol, and understand how it can fail.
For the protocol to work over the Internet, you'd have to
look at any NAT translation issues. The server side might
need port forwarding to port 69.

http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol

A copy of Wireshark can be used to "watch" the transfer, see
if the protocol is working as you expect or not. The timing
of when packets are sent (i.e. seeing a timeout interval
between attempts), can also help provide you with evidence
of where a failure might be.

http://en.wikipedia.org/wiki/Wireshark

Looking at the Wikipedia article, the TFTP program is
too simple minded to be used to debug where the problem
may be.

http://www.tftp-server.com/tftp_server_configuration.html

"It makes hard to specify firewall rules permitting
traffic to TFTP Server."

http://tools.ietf.org/html/rfc1350

"Most errors cause termination of the connection. An error is
signalled by sending an error packet. This packet is not
acknowledged, and not retransmitted (i.e., a TFTP server or user may
terminate after sending an error message), so the other end of the
connection may not get it. Therefore timeouts are used to detect
such a termination when the error packet has been lost.

Errors are caused by three types of events: not being able to
satisfy the request (e.g., file not found, access violation, or no such user),
receiving a packet which cannot be explained by a delay or
duplication in the network (e.g., an incorrectly formed packet), and
losing access to a necessary resource (e.g., disk full or access
denied during a transfer).

TFTP recognizes only one error condition that does not cause
termination, the source port of a received packet being incorrect.
In this case, an error packet is sent to the originating host.

This protocol is very restrictive, in order to simplify
implementation. For example, the fixed length blocks make allocation
straight forward, and the lock step acknowledgement provides flow
control and eliminates the need to reorder incoming data packets."

And the information here, makes it look like you may be receiving
an explicit error packet from the server. You can look at that
packet with Wireshark.

http://www.networksorcery.com/enp/protocol/tftp.htm

"Error codes:
...

2 Access violation"

HTH,
Paul
 
A

antares

Flightless Bird
"Paul" <nospam@needed.com> wrote in message
news:i5oko5$g7e$1@speranza.aioe.org...
> antares wrote:
> > Standard TFTP client, command-line interface, when I tried to download
> > file from server, got Access violation error:
> >
> >
> > C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin
> >
> > Transfering file abcc.bin from server in octet mode...
> > Error occurred during the file transfer (Error code = 2):
> > Access violation
> > -------
> > How to overcome the issue and download file?
>
> First, study the protocol, and understand how it can fail.
> For the protocol to work over the Internet, you'd have to
> look at any NAT translation issues. The server side might
> need port forwarding to port 69.
>
> http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
>
> A copy of Wireshark can be used to "watch" the transfer, see
> if the protocol is working as you expect or not. The timing
> of when packets are sent (i.e. seeing a timeout interval
> between attempts), can also help provide you with evidence
> of where a failure might be.
>
> http://en.wikipedia.org/wiki/Wireshark
>
> Looking at the Wikipedia article, the TFTP program is
> too simple minded to be used to debug where the problem
> may be.
>
> http://www.tftp-server.com/tftp_server_configuration.html
>
> "It makes hard to specify firewall rules permitting
> traffic to TFTP Server."
>
> http://tools.ietf.org/html/rfc1350
>
> "Most errors cause termination of the connection. An error is
> signalled by sending an error packet. This packet is not
> acknowledged, and not retransmitted (i.e., a TFTP server or user may
> terminate after sending an error message), so the other end of the
> connection may not get it. Therefore timeouts are used to detect
> such a termination when the error packet has been lost.
>
> Errors are caused by three types of events: not being able to
> satisfy the request (e.g., file not found, access violation, or no
such user),
> receiving a packet which cannot be explained by a delay or
> duplication in the network (e.g., an incorrectly formed packet), and
> losing access to a necessary resource (e.g., disk full or access
> denied during a transfer).
>
> TFTP recognizes only one error condition that does not cause
> termination, the source port of a received packet being incorrect.
> In this case, an error packet is sent to the originating host.
>
> This protocol is very restrictive, in order to simplify
> implementation. For example, the fixed length blocks make allocation
> straight forward, and the lock step acknowledgement provides flow
> control and eliminates the need to reorder incoming data packets."
>
> And the information here, makes it look like you may be receiving
> an explicit error packet from the server. You can look at that
> packet with Wireshark.
>
> http://www.networksorcery.com/enp/protocol/tftp.htm
>
> "Error codes:
> ...
>
> 2 Access violation"
>
> HTH,
> Paul
----------------

when I attempted to download config via TFTP, I tried sniff traffic with
Network protocol analyzer, but this doesn't help too much.

protocol IP source IP Destination
Port source Port destination Size
UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68 1053
69 91
UDP xxx.xxx.xxx.68 xx.xxx.xx.89
4626 1053 63

Can I get this Error code 2 "Access violation" in one of the following
cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
file required, not just file name, c) no permission to download config file.
Or in this cases, another error code will be shown?

Thanks.
 
A

antares

Flightless Bird
"antares" <antares@nospam.microsoft.com> wrote in message
news:eOKefUuSLHA.2064@TK2MSFTNGP05.phx.gbl...
>
> "Paul" <nospam@needed.com> wrote in message
> news:i5oko5$g7e$1@speranza.aioe.org...
> > antares wrote:
> > > Standard TFTP client, command-line interface, when I tried to
download
> > > file from server, got Access violation error:
> > >
> > >
> > > C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin
> > >
> > > Transfering file abcc.bin from server in octet mode...
> > > Error occurred during the file transfer (Error code = 2):
> > > Access violation
> > > -------
> > > How to overcome the issue and download file?
> >
> > First, study the protocol, and understand how it can fail.
> > For the protocol to work over the Internet, you'd have to
> > look at any NAT translation issues. The server side might
> > need port forwarding to port 69.
> >
> > http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
> >
> > A copy of Wireshark can be used to "watch" the transfer, see
> > if the protocol is working as you expect or not. The timing
> > of when packets are sent (i.e. seeing a timeout interval
> > between attempts), can also help provide you with evidence
> > of where a failure might be.
> >
> > http://en.wikipedia.org/wiki/Wireshark
> >
> > Looking at the Wikipedia article, the TFTP program is
> > too simple minded to be used to debug where the problem
> > may be.
> >
> > http://www.tftp-server.com/tftp_server_configuration.html
> >
> > "It makes hard to specify firewall rules permitting
> > traffic to TFTP Server."
> >
> > http://tools.ietf.org/html/rfc1350
> >
> > "Most errors cause termination of the connection. An error is
> > signalled by sending an error packet. This packet is not
> > acknowledged, and not retransmitted (i.e., a TFTP server or user may
> > terminate after sending an error message), so the other end of the
> > connection may not get it. Therefore timeouts are used to detect
> > such a termination when the error packet has been lost.
> >
> > Errors are caused by three types of events: not being able to
> > satisfy the request (e.g., file not found, access violation, or no
> such user),
> > receiving a packet which cannot be explained by a delay or
> > duplication in the network (e.g., an incorrectly formed packet), and
> > losing access to a necessary resource (e.g., disk full or access
> > denied during a transfer).
> >
> > TFTP recognizes only one error condition that does not cause
> > termination, the source port of a received packet being incorrect.
> > In this case, an error packet is sent to the originating host.
> >
> > This protocol is very restrictive, in order to simplify
> > implementation. For example, the fixed length blocks make
allocation
> > straight forward, and the lock step acknowledgement provides flow
> > control and eliminates the need to reorder incoming data packets."
> >
> > And the information here, makes it look like you may be receiving
> > an explicit error packet from the server. You can look at that
> > packet with Wireshark.
> >
> > http://www.networksorcery.com/enp/protocol/tftp.htm
> >
> > "Error codes:
> > ...
> >
> > 2 Access violation"
> >
> > HTH,
> > Paul
> ----------------
>
> when I attempted to download config via TFTP, I tried sniff traffic with
> Network protocol analyzer, but this doesn't help too much.
>
> protocol IP source IP Destination
> Port source Port destination Size
> UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68
1053
> 69 91
> UDP xxx.xxx.xxx.68 xx.xxx.xx.89
> 4626 1053 63
>
> Can I get this Error code 2 "Access violation" in one of the following
> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
> file required, not just file name, c) no permission to download config
file.
> Or in this cases, another error code will be shown?
>
> Thanks.
-----------------

I tried to download and sniff more times, and find that on each attempt
sniffer return different Port Source and Port Destination:

UDP -> TFTP Port Source: 1113 Port Destination: 69
UDP Port Source: 2826 Port Destination: 1113

UDP -> TFTP Port Source: 1114 Port Destination: 69
UDP Port Source: 2833 Port Destination: 1114

UDP -> TFTP Port Source: 1115 Port Destination: 69
UDP Port Source: 2839 Port Destination: 1115
 
P

Paul

Flightless Bird
antares wrote:

>
> when I attempted to download config via TFTP, I tried sniff traffic with
> Network protocol analyzer, but this doesn't help too much.
>
> protocol IP source IP Destination
> Port source Port destination Size
> UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68 1053
> 69 91
> UDP xxx.xxx.xxx.68 xx.xxx.xx.89
> 4626 1053 63
>
> Can I get this Error code 2 "Access violation" in one of the following
> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
> file required, not just file name, c) no permission to download config file.
> Or in this cases, another error code will be shown?
>
> Thanks.
>

If you look at the actual packet coming back from the server, does
it show error 2 ? The packet format is defined here.

http://www.networksorcery.com/enp/protocol/tftp.htm

The Opcode value would be 0x05 (Error message).

The data would be 0x02 (Access violation), if the server
is returning an access violation error.

The problem could also be locally, when the tftp program is
run from the command prompt, and you don't have permission to
write in that directory, but somehow I doubt that is the problem.
And the error message in that case, might be reported in a
different way.

Paul
 
A

antares

Flightless Bird
"Paul" <nospam@needed.com> wrote in message
news:i5p5re$m0b$1@news.eternal-september.org...
> antares wrote:
>
> >
> > when I attempted to download config via TFTP, I tried sniff traffic with
> > Network protocol analyzer, but this doesn't help too much.
> >
> > protocol IP source IP Destination
> > Port source Port destination Size
> > UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68
1053
> > 69 91
> > UDP xxx.xxx.xxx.68 xx.xxx.xx.89
> > 4626 1053 63
> >
> > Can I get this Error code 2 "Access violation" in one of the following
> > cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path
to
> > file required, not just file name, c) no permission to download config
file.
> > Or in this cases, another error code will be shown?
> >
> > Thanks.
> >
>
> If you look at the actual packet coming back from the server, does
> it show error 2 ? The packet format is defined here.
>
> http://www.networksorcery.com/enp/protocol/tftp.htm
>
> The Opcode value would be 0x05 (Error message).
>
> The data would be 0x02 (Access violation), if the server
> is returning an access violation error.
>
> The problem could also be locally, when the tftp program is
> run from the command prompt, and you don't have permission to
> write in that directory, but somehow I doubt that is the problem.
> And the error message in that case, might be reported in a
> different way.
>
> Paul
-------

here is how it look, I used PumpKIN Tftp:

http://img214.imageshack.us/img214/525/pic1ia.jpg
http://img521.imageshack.us/img521/183/pic2p.jpg
 
P

Paul

Flightless Bird
antares wrote:
> "Paul" <nospam@needed.com> wrote in message
> news:i5p5re$m0b$1@news.eternal-september.org...
>> antares wrote:
>>
>>> when I attempted to download config via TFTP, I tried sniff traffic with
>>> Network protocol analyzer, but this doesn't help too much.
>>>
>>> protocol IP source IP Destination
>>> Port source Port destination Size
>>> UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68
> 1053
>>> 69 91
>>> UDP xxx.xxx.xxx.68 xx.xxx.xx.89
>>> 4626 1053 63
>>>
>>> Can I get this Error code 2 "Access violation" in one of the following
>>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path
> to
>>> file required, not just file name, c) no permission to download config
> file.
>>> Or in this cases, another error code will be shown?
>>>
>>> Thanks.
>>>
>> If you look at the actual packet coming back from the server, does
>> it show error 2 ? The packet format is defined here.
>>
>> http://www.networksorcery.com/enp/protocol/tftp.htm
>>
>> The Opcode value would be 0x05 (Error message).
>>
>> The data would be 0x02 (Access violation), if the server
>> is returning an access violation error.
>>
>> The problem could also be locally, when the tftp program is
>> run from the command prompt, and you don't have permission to
>> write in that directory, but somehow I doubt that is the problem.
>> And the error message in that case, might be reported in a
>> different way.
>>
>> Paul
> -------
>
> here is how it look, I used PumpKIN Tftp:
>
> http://img214.imageshack.us/img214/525/pic1ia.jpg
> http://img521.imageshack.us/img521/183/pic2p.jpg
>

In your pic2p.jpg , I can see "0005 0002" near the end of the
second line, and the descriptive text "Access Violation" is attached
on the end of the package for good measure. The server is denying
access to the file. Since the server can deny access
based on IP address filtering, perhaps the access control
on the server hasn't been set up correctly for what
you're trying to do.

Paul
 
A

antares

Flightless Bird
"Paul" <nospam@needed.com> wrote in message
news:i5panp$ijn$1@speranza.aioe.org...
> antares wrote:
> > "Paul" <nospam@needed.com> wrote in message
> > news:i5p5re$m0b$1@news.eternal-september.org...
> >> antares wrote:
> >>
> >>> when I attempted to download config via TFTP, I tried sniff traffic
with
> >>> Network protocol analyzer, but this doesn't help too much.
> >>>
> >>> protocol IP source IP Destination
> >>> Port source Port destination Size
> >>> UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68
> > 1053
> >>> 69 91
> >>> UDP xxx.xxx.xxx.68 xx.xxx.xx.89
> >>> 4626 1053 63
> >>>
> >>> Can I get this Error code 2 "Access violation" in one of the
following
> >>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full
path
> > to
> >>> file required, not just file name, c) no permission to download config
> > file.
> >>> Or in this cases, another error code will be shown?
> >>>
> >>> Thanks.
> >>>
> >> If you look at the actual packet coming back from the server, does
> >> it show error 2 ? The packet format is defined here.
> >>
> >> http://www.networksorcery.com/enp/protocol/tftp.htm
> >>
> >> The Opcode value would be 0x05 (Error message).
> >>
> >> The data would be 0x02 (Access violation), if the server
> >> is returning an access violation error.
> >>
> >> The problem could also be locally, when the tftp program is
> >> run from the command prompt, and you don't have permission to
> >> write in that directory, but somehow I doubt that is the problem.
> >> And the error message in that case, might be reported in a
> >> different way.
> >>
> >> Paul
> > -------
> >
> > here is how it look, I used PumpKIN Tftp:
> >
> > http://img214.imageshack.us/img214/525/pic1ia.jpg
> > http://img521.imageshack.us/img521/183/pic2p.jpg
> >
>
> In your pic2p.jpg , I can see "0005 0002" near the end of the
> second line, and the descriptive text "Access Violation" is attached
> on the end of the package for good measure. The server is denying
> access to the file. Since the server can deny access
> based on IP address filtering, perhaps the access control
> on the server hasn't been set up correctly for what
> you're trying to do.
>
> Paul
------------

in that case, how cable modem get config file every time it boots?

thanks.
 
P

Paul

Flightless Bird
antares wrote:
> "Paul" <nospam@needed.com> wrote in message
> news:i5panp$ijn$1@speranza.aioe.org...
>> antares wrote:
>>> "Paul" <nospam@needed.com> wrote in message
>>> news:i5p5re$m0b$1@news.eternal-september.org...
>>>> antares wrote:
>>>>
>>>>> when I attempted to download config via TFTP, I tried sniff traffic
> with
>>>>> Network protocol analyzer, but this doesn't help too much.
>>>>>
>>>>> protocol IP source IP Destination
>>>>> Port source Port destination Size
>>>>> UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68
>>> 1053
>>>>> 69 91
>>>>> UDP xxx.xxx.xxx.68 xx.xxx.xx.89
>>>>> 4626 1053 63
>>>>>
>>>>> Can I get this Error code 2 "Access violation" in one of the
> following
>>>>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full
> path
>>> to
>>>>> file required, not just file name, c) no permission to download config
>>> file.
>>>>> Or in this cases, another error code will be shown?
>>>>>
>>>>> Thanks.
>>>>>
>>>> If you look at the actual packet coming back from the server, does
>>>> it show error 2 ? The packet format is defined here.
>>>>
>>>> http://www.networksorcery.com/enp/protocol/tftp.htm
>>>>
>>>> The Opcode value would be 0x05 (Error message).
>>>>
>>>> The data would be 0x02 (Access violation), if the server
>>>> is returning an access violation error.
>>>>
>>>> The problem could also be locally, when the tftp program is
>>>> run from the command prompt, and you don't have permission to
>>>> write in that directory, but somehow I doubt that is the problem.
>>>> And the error message in that case, might be reported in a
>>>> different way.
>>>>
>>>> Paul
>>> -------
>>>
>>> here is how it look, I used PumpKIN Tftp:
>>>
>>> http://img214.imageshack.us/img214/525/pic1ia.jpg
>>> http://img521.imageshack.us/img521/183/pic2p.jpg
>>>
>> In your pic2p.jpg , I can see "0005 0002" near the end of the
>> second line, and the descriptive text "Access Violation" is attached
>> on the end of the package for good measure. The server is denying
>> access to the file. Since the server can deny access
>> based on IP address filtering, perhaps the access control
>> on the server hasn't been set up correctly for what
>> you're trying to do.
>>
>> Paul
> ------------
>
> in that case, how cable modem get config file every time it boots?
>
> thanks.
>

Would the packet header be the same, if the cable modem downloads
the configuration file, versus you attempting to download that
file from the LAN side of the modem ? Perhaps the MAC address
is being used for filtration ?

TFTP has no authentication as such, but a server could look
at the packet headers, to determine whether the device is
authorized.

Paul
 
A

antares

Flightless Bird
"Paul" <nospam@needed.com> wrote in message
news:i5pep1$mpv$1@speranza.aioe.org...
> antares wrote:
>> "Paul" <nospam@needed.com> wrote in message
>> news:i5panp$ijn$1@speranza.aioe.org...
>>> antares wrote:
>>>> "Paul" <nospam@needed.com> wrote in message
>>>> news:i5p5re$m0b$1@news.eternal-september.org...
>>>>> antares wrote:
>>>>>
>>>>>> when I attempted to download config via TFTP, I tried sniff traffic
>> with
>>>>>> Network protocol analyzer, but this doesn't help too much.
>>>>>>
>>>>>> protocol IP source IP Destination
>>>>>> Port source Port destination Size
>>>>>> UDP -> TFTP xx.xxx.xx.89 xxx.xxx.xxx.68
>>>> 1053
>>>>>> 69 91
>>>>>> UDP xxx.xxx.xxx.68 xx.xxx.xx.89
>>>>>> 4626 1053 63
>>>>>>
>>>>>> Can I get this Error code 2 "Access violation" in one of the
>> following
>>>>>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full
>> path
>>>> to
>>>>>> file required, not just file name, c) no permission to download
>>>>>> config
>>>> file.
>>>>>> Or in this cases, another error code will be shown?
>>>>>>
>>>>>> Thanks.
>>>>>>
>>>>> If you look at the actual packet coming back from the server, does
>>>>> it show error 2 ? The packet format is defined here.
>>>>>
>>>>> http://www.networksorcery.com/enp/protocol/tftp.htm
>>>>>
>>>>> The Opcode value would be 0x05 (Error message).
>>>>>
>>>>> The data would be 0x02 (Access violation), if the server
>>>>> is returning an access violation error.
>>>>>
>>>>> The problem could also be locally, when the tftp program is
>>>>> run from the command prompt, and you don't have permission to
>>>>> write in that directory, but somehow I doubt that is the problem.
>>>>> And the error message in that case, might be reported in a
>>>>> different way.
>>>>>
>>>>> Paul
>>>> -------
>>>>
>>>> here is how it look, I used PumpKIN Tftp:
>>>>
>>>> http://img214.imageshack.us/img214/525/pic1ia.jpg
>>>> http://img521.imageshack.us/img521/183/pic2p.jpg
>>>>
>>> In your pic2p.jpg , I can see "0005 0002" near the end of the
>>> second line, and the descriptive text "Access Violation" is attached
>>> on the end of the package for good measure. The server is denying
>>> access to the file. Since the server can deny access
>>> based on IP address filtering, perhaps the access control
>>> on the server hasn't been set up correctly for what
>>> you're trying to do.
>>>
>>> Paul
>> ------------
>>
>> in that case, how cable modem get config file every time it boots?
>>
>> thanks.
>>
>
> Would the packet header be the same, if the cable modem downloads
> the configuration file, versus you attempting to download that
> file from the LAN side of the modem ? Perhaps the MAC address
> is being used for filtration ?
>
> TFTP has no authentication as such, but a server could look
> at the packet headers, to determine whether the device is
> authorized.
>
> Paul
-----------------------------------


Can the TFTP server (run on Linux server) filter IP addresses? When I do
request with DHCP query tool, the Server response show, that IP address of
cable modem (PKT:YIAddr) is different from my IP address which shown in
computer's TCP/IP settings (and when check on web). The same for Gateway and
Subnet mask.

> Would the packet header be the same, if the cable modem downloads
> the configuration file, versus you attempting to download that
> file from the LAN side of the modem ?

How to determine this? Specifically, how to check the packet header when
cable modem downloads the config. file? I tried power off modem, wait, then
power on, but Network protocol analyzer didn't show traffic.
 
P

Paul

Flightless Bird
antares wrote:


> Can the TFTP server (run on Linux server) filter IP addresses? When I do
> request with DHCP query tool, the Server response show, that IP address
> of cable modem (PKT:YIAddr) is different from my IP address which shown
> in computer's TCP/IP settings (and when check on web). The same for
> Gateway and Subnet mask.

This server shows some filtering capability, to control what clients
have access. You can see an example of the configuration window for
the TFTP server in this picture. At the very least, this window shows
TCP/IP addresses.

http://www.tftp-server.com/images/srvconf_2.gif

>
>> Would the packet header be the same, if the cable modem downloads
>> the configuration file, versus you attempting to download that
>> file from the LAN side of the modem ?
>
> How to determine this? Specifically, how to check the packet header
> when cable modem downloads the config. file? I tried power off modem,
> wait, then power on, but Network protocol analyzer didn't show traffic.
>

It would be pretty difficult, because the packet from the cable modem,
would be converted to DOCSIS and immediately go over the cable TV wire
as an RF signal. Pretty hard to fit a packet sniffer there, unless you
have a way to eavesdrop on the cable signal. Most of the cable modem
conversation is encrypted, but at the point the configuration file
is being fetched, there is a good chance that is all in plaintext,
as the encryption would be set up at registration time. (The modem
downloads the config file, and registration is the next step in the
reverse direction. See some online CISCO documentation for example
details.)

Paul
 
A

antares

Flightless Bird
"Paul" <nospam@needed.com> wrote in message
news:i5r3md$ssv$1@speranza.aioe.org...
> antares wrote:
>
>
> > Can the TFTP server (run on Linux server) filter IP addresses? When I do
> > request with DHCP query tool, the Server response show, that IP address
> > of cable modem (PKT:YIAddr) is different from my IP address which shown
> > in computer's TCP/IP settings (and when check on web). The same for
> > Gateway and Subnet mask.
>
> This server shows some filtering capability, to control what clients
> have access. You can see an example of the configuration window for
> the TFTP server in this picture. At the very least, this window shows
> TCP/IP addresses.
>
> http://www.tftp-server.com/images/srvconf_2.gif
>
> >
> >> Would the packet header be the same, if the cable modem downloads
> >> the configuration file, versus you attempting to download that
> >> file from the LAN side of the modem ?
> >
> > How to determine this? Specifically, how to check the packet header
> > when cable modem downloads the config. file? I tried power off modem,
> > wait, then power on, but Network protocol analyzer didn't show traffic.
> >
>
> It would be pretty difficult, because the packet from the cable modem,
> would be converted to DOCSIS and immediately go over the cable TV wire
> as an RF signal. Pretty hard to fit a packet sniffer there, unless you
> have a way to eavesdrop on the cable signal. Most of the cable modem
> conversation is encrypted, but at the point the configuration file
> is being fetched, there is a good chance that is all in plaintext,
> as the encryption would be set up at registration time. (The modem
> downloads the config file, and registration is the next step in the
> reverse direction. See some online CISCO documentation for example
> details.)
>
> Paul
---------

some details not fully clear: so, based on query response, cable modem have
own IP address, own gateway and subnet mask, which have no any relationship
with network adapter's TCP/IP addressing? So theoretically, assume if we set
for PC network card static IP address which is in the same subnet with cable
modem, same gateway and mask, we can access server? We can't connect to the
Internet in this case though.
 
P

Paul

Flightless Bird
antares wrote:

>
> some details not fully clear: so, based on query response, cable modem have
> own IP address, own gateway and subnet mask, which have no any relationship
> with network adapter's TCP/IP addressing? So theoretically, assume if we set
> for PC network card static IP address which is in the same subnet with cable
> modem, same gateway and mask, we can access server? We can't connect to the
> Internet in this case though.
>

Sounds good in theory.

You should check into the history of this stuff. For example, this hack
from 2002.

http://web.archive.org/web/20020601130059/online.securityfocus.com/archive/82/261454

( http://www.securityfocus.com/news/353 )

There are even people doing firmware changes, to make a modem easier to hack.

http://www.roadrunnerguide.com/files/SIGMA-X2_128. Manual.pdf

It's all very amusing. But some time has passed, so it isn't likely
that the same techniques will still work now. How long could a cable
company stay in the Internet business, if every teenager has uncapped
the modem, leaving the less technically savvy running at 75 kbit/sec ?
I think someone would notice the imbalance. The head end equipment
can probably count bytes/sec and can tell the modem is not operating
within its profile.

Paul
 
You must log in or register to reply here.
Top