
Access violation error

Discussion in 'Windows XP' started by antares, Sep 2, 2010.

  1. antares

    antares Flightless Bird

    Standard TFTP client, command-line interface, when I tried to download file
    from server, got Access violation error:


    C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin

    Transfering file abcc.bin from server in octet mode...
    Error occurred during the file transfer (Error code = 2):
    Access violation
    -------
    How to overcome the issue and download file?
     
  2. Paul

    Paul Flightless Bird

    antares wrote:
    > Standard TFTP client, command-line interface, when I tried to download
    > file from server, got Access violation error:
    >
    >
    > C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin
    >
    > Transfering file abcc.bin from server in octet mode...
    > Error occurred during the file transfer (Error code = 2):
    > Access violation
    > -------
    > How to overcome the issue and download file?


    First, study the protocol, and understand how it can fail.
    For the protocol to work over the Internet, you'd have to
    look at any NAT translation issues. The server side might
    need port forwarding to port 69.

    http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol

    A copy of Wireshark can be used to "watch" the transfer, see
    if the protocol is working as you expect or not. The timing
    of when packets are sent (i.e. seeing a timeout interval
    between attempts), can also help provide you with evidence
    of where a failure might be.

    http://en.wikipedia.org/wiki/Wireshark

    Looking at the Wikipedia article, the TFTP program is
    too simple minded to be used to debug where the problem
    may be.

    http://www.tftp-server.com/tftp_server_configuration.html

    "It makes hard to specify firewall rules permitting
    traffic to TFTP Server."

    http://tools.ietf.org/html/rfc1350

    "Most errors cause termination of the connection. An error is
    signalled by sending an error packet. This packet is not
    acknowledged, and not retransmitted (i.e., a TFTP server or user may
    terminate after sending an error message), so the other end of the
    connection may not get it. Therefore timeouts are used to detect
    such a termination when the error packet has been lost.

    Errors are caused by three types of events: not being able to
    satisfy the request (e.g., file not found, access violation, or no such user),
    receiving a packet which cannot be explained by a delay or
    duplication in the network (e.g., an incorrectly formed packet), and
    losing access to a necessary resource (e.g., disk full or access
    denied during a transfer).

    TFTP recognizes only one error condition that does not cause
    termination, the source port of a received packet being incorrect.
    In this case, an error packet is sent to the originating host.

    This protocol is very restrictive, in order to simplify
    implementation. For example, the fixed length blocks make allocation
    straight forward, and the lock step acknowledgement provides flow
    control and eliminates the need to reorder incoming data packets."

    And the information here, makes it look like you may be receiving
    an explicit error packet from the server. You can look at that
    packet with Wireshark.

    http://www.networksorcery.com/enp/protocol/tftp.htm

    "Error codes:
    ...

    2 Access violation"

    HTH,
    Paul
     
  3. antares

    antares Flightless Bird

    "Paul" <nospam@needed.com> wrote in message
    news:i5oko5$g7e$1@speranza.aioe.org...
    > antares wrote:
    > > Standard TFTP client, command-line interface, when I tried to download
    > > file from server, got Access violation error:
    > >
    > >
    > > C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin
    > >
    > > Transfering file abcc.bin from server in octet mode...
    > > Error occurred during the file transfer (Error code = 2):
    > > Access violation
    > > -------
    > > How to overcome the issue and download file?

    >
    > First, study the protocol, and understand how it can fail.
    > For the protocol to work over the Internet, you'd have to
    > look at any NAT translation issues. The server side might
    > need port forwarding to port 69.
    >
    > http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
    >
    > A copy of Wireshark can be used to "watch" the transfer, see
    > if the protocol is working as you expect or not. The timing
    > of when packets are sent (i.e. seeing a timeout interval
    > between attempts), can also help provide you with evidence
    > of where a failure might be.
    >
    > http://en.wikipedia.org/wiki/Wireshark
    >
    > Looking at the Wikipedia article, the TFTP program is
    > too simple minded to be used to debug where the problem
    > may be.
    >
    > http://www.tftp-server.com/tftp_server_configuration.html
    >
    > "It makes hard to specify firewall rules permitting
    > traffic to TFTP Server."
    >
    > http://tools.ietf.org/html/rfc1350
    >
    > "Most errors cause termination of the connection. An error is
    > signalled by sending an error packet. This packet is not
    > acknowledged, and not retransmitted (i.e., a TFTP server or user may
    > terminate after sending an error message), so the other end of the
    > connection may not get it. Therefore timeouts are used to detect
    > such a termination when the error packet has been lost.
    >
    > Errors are caused by three types of events: not being able to
    > satisfy the request (e.g., file not found, access violation, or no such user),
    > receiving a packet which cannot be explained by a delay or
    > duplication in the network (e.g., an incorrectly formed packet), and
    > losing access to a necessary resource (e.g., disk full or access
    > denied during a transfer).
    >
    > TFTP recognizes only one error condition that does not cause
    > termination, the source port of a received packet being incorrect.
    > In this case, an error packet is sent to the originating host.
    >
    > This protocol is very restrictive, in order to simplify
    > implementation. For example, the fixed length blocks make allocation
    > straight forward, and the lock step acknowledgement provides flow
    > control and eliminates the need to reorder incoming data packets."
    >
    > And the information here, makes it look like you may be receiving
    > an explicit error packet from the server. You can look at that
    > packet with Wireshark.
    >
    > http://www.networksorcery.com/enp/protocol/tftp.htm
    >
    > "Error codes:
    > ...
    >
    > 2 Access violation"
    >
    > HTH,
    > Paul

    ----------------

    When I attempted to download the config via TFTP, I tried to sniff the traffic
    with a network protocol analyzer, but this doesn't help too much.

    Protocol     IP source       IP destination  Port source  Port destination  Size
    UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63

    Can I get this Error code 2 "Access violation" in one of the following
    cases: a) wrong TFTP server, i.e. this is not a TFTP server; b) full path to
    file required, not just file name; c) no permission to download config file.
    Or in these cases, will another error code be shown?

    Thanks.
     
  4. antares

    antares Flightless Bird

    "antares" <antares@nospam.microsoft.com> wrote in message
    news:eOKefUuSLHA.2064@TK2MSFTNGP05.phx.gbl...
    >
    > "Paul" <nospam@needed.com> wrote in message
    > news:i5oko5$g7e$1@speranza.aioe.org...
    > > antares wrote:
    > > > Standard TFTP client, command-line interface, when I tried to download
    > > > file from server, got Access violation error:
    > > >
    > > >
    > > > C:/>tftp.exe -i xxx.xxx.xxx.xx GET abcc.bin
    > > >
    > > > Transfering file abcc.bin from server in octet mode...
    > > > Error occurred during the file transfer (Error code = 2):
    > > > Access violation
    > > > -------
    > > > How to overcome the issue and download file?

    > >
    > > First, study the protocol, and understand how it can fail.
    > > For the protocol to work over the Internet, you'd have to
    > > look at any NAT translation issues. The server side might
    > > need port forwarding to port 69.
    > >
    > > http://en.wikipedia.org/wiki/Trivial_File_Transfer_Protocol
    > >
    > > A copy of Wireshark can be used to "watch" the transfer, see
    > > if the protocol is working as you expect or not. The timing
    > > of when packets are sent (i.e. seeing a timeout interval
    > > between attempts), can also help provide you with evidence
    > > of where a failure might be.
    > >
    > > http://en.wikipedia.org/wiki/Wireshark
    > >
    > > Looking at the Wikipedia article, the TFTP program is
    > > too simple minded to be used to debug where the problem
    > > may be.
    > >
    > > http://www.tftp-server.com/tftp_server_configuration.html
    > >
    > > "It makes hard to specify firewall rules permitting
    > > traffic to TFTP Server."
    > >
    > > http://tools.ietf.org/html/rfc1350
    > >
    > > "Most errors cause termination of the connection. An error is
    > > signalled by sending an error packet. This packet is not
    > > acknowledged, and not retransmitted (i.e., a TFTP server or user may
    > > terminate after sending an error message), so the other end of the
    > > connection may not get it. Therefore timeouts are used to detect
    > > such a termination when the error packet has been lost.
    > >
    > > Errors are caused by three types of events: not being able to
    > > satisfy the request (e.g., file not found, access violation, or no such user),
    > > receiving a packet which cannot be explained by a delay or
    > > duplication in the network (e.g., an incorrectly formed packet), and
    > > losing access to a necessary resource (e.g., disk full or access
    > > denied during a transfer).
    > >
    > > TFTP recognizes only one error condition that does not cause
    > > termination, the source port of a received packet being incorrect.
    > > In this case, an error packet is sent to the originating host.
    > >
    > > This protocol is very restrictive, in order to simplify
    > > implementation. For example, the fixed length blocks make allocation
    > > straight forward, and the lock step acknowledgement provides flow
    > > control and eliminates the need to reorder incoming data packets."
    > >
    > > And the information here, makes it look like you may be receiving
    > > an explicit error packet from the server. You can look at that
    > > packet with Wireshark.
    > >
    > > http://www.networksorcery.com/enp/protocol/tftp.htm
    > >
    > > "Error codes:
    > > ...
    > >
    > > 2 Access violation"
    > >
    > > HTH,
    > > Paul

    > ----------------
    >
    > when I attempted to download config via TFTP, I tried sniff traffic with
    > Network protocol analyzer, but this doesn't help too much.
    >
    > Protocol     IP source       IP destination  Port source  Port destination  Size
    > UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    > UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63
    >
    > Can I get this Error code 2 "Access violation" in one of the following
    > cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
    > file required, not just file name, c) no permission to download config file.
    > Or in this cases, another error code will be shown?
    >
    > Thanks.

    -----------------

    I tried to download and sniff more times, and found that on each attempt
    the sniffer returns a different Port Source and Port Destination:

    UDP -> TFTP Port Source: 1113 Port Destination: 69
    UDP Port Source: 2826 Port Destination: 1113

    UDP -> TFTP Port Source: 1114 Port Destination: 69
    UDP Port Source: 2833 Port Destination: 1114

    UDP -> TFTP Port Source: 1115 Port Destination: 69
    UDP Port Source: 2839 Port Destination: 1115
     
  5. Paul

    Paul Flightless Bird

    antares wrote:

    >
    > when I attempted to download config via TFTP, I tried sniff traffic with
    > Network protocol analyzer, but this doesn't help too much.
    >
    > Protocol     IP source       IP destination  Port source  Port destination  Size
    > UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    > UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63
    >
    > Can I get this Error code 2 "Access violation" in one of the following
    > cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
    > file required, not just file name, c) no permission to download config file.
    > Or in this cases, another error code will be shown?
    >
    > Thanks.
    >


    If you look at the actual packet coming back from the server, does
    it show error 2 ? The packet format is defined here.

    http://www.networksorcery.com/enp/protocol/tftp.htm

    The Opcode value would be 0x05 (Error message).

    The data would be 0x02 (Access violation), if the server
    is returning an access violation error.

    The problem could also be locally, when the tftp program is
    run from the command prompt, and you don't have permission to
    write in that directory, but somehow I doubt that is the problem.
    And the error message in that case, might be reported in a
    different way.

    Paul
     
  6. antares

    antares Flightless Bird

    "Paul" <nospam@needed.com> wrote in message
    news:i5p5re$m0b$1@news.eternal-september.org...
    > antares wrote:
    >
    > >
    > > when I attempted to download config via TFTP, I tried sniff traffic with
    > > Network protocol analyzer, but this doesn't help too much.
    > >
    > > Protocol     IP source       IP destination  Port source  Port destination  Size
    > > UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    > > UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63
    > >
    > > Can I get this Error code 2 "Access violation" in one of the following
    > > cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
    > > file required, not just file name, c) no permission to download config file.
    > > Or in this cases, another error code will be shown?
    > >
    > > Thanks.
    > >

    >
    > If you look at the actual packet coming back from the server, does
    > it show error 2 ? The packet format is defined here.
    >
    > http://www.networksorcery.com/enp/protocol/tftp.htm
    >
    > The Opcode value would be 0x05 (Error message).
    >
    > The data would be 0x02 (Access violation), if the server
    > is returning an access violation error.
    >
    > The problem could also be locally, when the tftp program is
    > run from the command prompt, and you don't have permission to
    > write in that directory, but somehow I doubt that is the problem.
    > And the error message in that case, might be reported in a
    > different way.
    >
    > Paul

    -------

    Here is how it looks; I used PumpKIN Tftp:

    http://img214.imageshack.us/img214/525/pic1ia.jpg
    http://img521.imageshack.us/img521/183/pic2p.jpg
     
  7. Paul

    Paul Flightless Bird

    antares wrote:
    > "Paul" <nospam@needed.com> wrote in message
    > news:i5p5re$m0b$1@news.eternal-september.org...
    >> antares wrote:
    >>
    >>> when I attempted to download config via TFTP, I tried sniff traffic with
    >>> Network protocol analyzer, but this doesn't help too much.
    >>>
    >>> Protocol     IP source       IP destination  Port source  Port destination  Size
    >>> UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    >>> UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63
    >>>
    >>> Can I get this Error code 2 "Access violation" in one of the following
    >>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
    >>> file required, not just file name, c) no permission to download config file.
    >>> Or in this cases, another error code will be shown?
    >>>
    >>> Thanks.
    >>>

    >> If you look at the actual packet coming back from the server, does
    >> it show error 2 ? The packet format is defined here.
    >>
    >> http://www.networksorcery.com/enp/protocol/tftp.htm
    >>
    >> The Opcode value would be 0x05 (Error message).
    >>
    >> The data would be 0x02 (Access violation), if the server
    >> is returning an access violation error.
    >>
    >> The problem could also be locally, when the tftp program is
    >> run from the command prompt, and you don't have permission to
    >> write in that directory, but somehow I doubt that is the problem.
    >> And the error message in that case, might be reported in a
    >> different way.
    >>
    >> Paul

    > -------
    >
    > here is how it look, I used PumpKIN Tftp:
    >
    > http://img214.imageshack.us/img214/525/pic1ia.jpg
    > http://img521.imageshack.us/img521/183/pic2p.jpg
    >


    In your pic2p.jpg , I can see "0005 0002" near the end of the
    second line, and the descriptive text "Access Violation" is attached
    on the end of the package for good measure. The server is denying
    access to the file. Since the server can deny access
    based on IP address filtering, perhaps the access control
    on the server hasn't been set up correctly for what
    you're trying to do.

    Paul
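
The "0005 0002" bytes read from the capture above can be decoded mechanically. The following is an added example, not part of the original posts: a small RFC 1350 packet parser that pairs the request sent to port 69 with the reply coming back from the server's own port. The payload bytes are constructed for illustration; the port numbers 1053 and 4626 and the file name are the ones quoted in the thread, and the function names are hypothetical.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}

# Error codes as listed in RFC 1350.
ERROR_CODES = {
    0: "Not defined, see error message (if any)",
    1: "File not found",
    2: "Access violation",
    3: "Disk full or allocation exceeded",
    4: "Illegal TFTP operation",
    5: "Unknown transfer ID",
    6: "File already exists",
    7: "No such user",
}


def _nul_strings(buf, count):
    """Return the first `count` NUL-terminated strings found in buf."""
    parts = buf.split(b"\x00")
    if len(parts) < count + 1:
        raise ValueError("missing NUL terminator")
    return [p.decode("ascii", "replace") for p in parts[:count]]


def parse_tftp(payload):
    """Decode one UDP payload as a TFTP packet (RFC 1350 layout)."""
    if len(payload) < 4:
        raise ValueError("too short for a TFTP packet")
    (opcode,) = struct.unpack("!H", payload[:2])
    name = OPCODES.get(opcode)
    if name is None:
        raise ValueError("unknown opcode %d" % opcode)
    pkt = {"opcode": opcode, "type": name}
    if name in ("RRQ", "WRQ"):
        pkt["filename"], mode = _nul_strings(payload[2:], 2)
        pkt["mode"] = mode.lower()
    elif name == "DATA":
        pkt["block"] = struct.unpack("!H", payload[2:4])[0]
        pkt["data"] = payload[4:]
    elif name == "ACK":
        pkt["block"] = struct.unpack("!H", payload[2:4])[0]
    else:  # ERROR: 2-byte code followed by a NUL-terminated message
        code = struct.unpack("!H", payload[2:4])[0]
        pkt["code"] = code
        pkt["meaning"] = ERROR_CODES.get(code, "unassigned")
        (pkt["message"],) = _nul_strings(payload[4:], 1)
    return pkt


def diagnose(exchange):
    """exchange: list of (src_port, dst_port, udp_payload) in capture order.

    The request goes to port 69; the server answers from a port of its own
    choosing (its transfer ID), which is why the reply's source port changes
    on every attempt.
    """
    request = None
    for sport, dport, payload in exchange:
        pkt = parse_tftp(payload)
        if dport == 69 and pkt["type"] in ("RRQ", "WRQ"):
            request = (sport, pkt)
        elif request and dport == request[0]:
            req = request[1]
            if pkt["type"] == "ERROR":
                return "server (TID %d) refused %s of %r: error %d, %s" % (
                    sport, req["type"], req["filename"],
                    pkt["code"], pkt["meaning"])
            return "server (TID %d) answered with %s" % (sport, pkt["type"])
    return "no reply seen" if request else "no request seen"


# Constructed sample: payloads built by hand, ports taken from the thread.
SAMPLE_EXCHANGE = [
    (1053, 69, b"\x00\x01abcc.bin\x00octet\x00"),
    (4626, 1053, b"\x00\x05\x00\x02Access violation\x00"),
]

if __name__ == "__main__":
    for _, _, raw in SAMPLE_EXCHANGE:
        print(parse_tftp(raw))
    print(diagnose(SAMPLE_EXCHANGE))
```

An ERROR reply with code 2 means the request reached a TFTP server that parsed it and chose to refuse it, as opposed to a timeout, which is what a lost or filtered packet would produce.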
     
  8. antares

    antares Flightless Bird

    "Paul" <nospam@needed.com> wrote in message
    news:i5panp$ijn$1@speranza.aioe.org...
    > antares wrote:
    > > "Paul" <nospam@needed.com> wrote in message
    > > news:i5p5re$m0b$1@news.eternal-september.org...
    > >> antares wrote:
    > >>
    > >>> when I attempted to download config via TFTP, I tried sniff traffic with
    > >>> Network protocol analyzer, but this doesn't help too much.
    > >>>
    > >>> Protocol     IP source       IP destination  Port source  Port destination  Size
    > >>> UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    > >>> UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63
    > >>>
    > >>> Can I get this Error code 2 "Access violation" in one of the following
    > >>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
    > >>> file required, not just file name, c) no permission to download config file.
    > >>> Or in this cases, another error code will be shown?
    > >>>
    > >>> Thanks.
    > >>>
    > >> If you look at the actual packet coming back from the server, does
    > >> it show error 2 ? The packet format is defined here.
    > >>
    > >> http://www.networksorcery.com/enp/protocol/tftp.htm
    > >>
    > >> The Opcode value would be 0x05 (Error message).
    > >>
    > >> The data would be 0x02 (Access violation), if the server
    > >> is returning an access violation error.
    > >>
    > >> The problem could also be locally, when the tftp program is
    > >> run from the command prompt, and you don't have permission to
    > >> write in that directory, but somehow I doubt that is the problem.
    > >> And the error message in that case, might be reported in a
    > >> different way.
    > >>
    > >> Paul

    > > -------
    > >
    > > here is how it look, I used PumpKIN Tftp:
    > >
    > > http://img214.imageshack.us/img214/525/pic1ia.jpg
    > > http://img521.imageshack.us/img521/183/pic2p.jpg
    > >

    >
    > In your pic2p.jpg , I can see "0005 0002" near the end of the
    > second line, and the descriptive text "Access Violation" is attached
    > on the end of the package for good measure. The server is denying
    > access to the file. Since the server can deny access
    > based on IP address filtering, perhaps the access control
    > on the server hasn't been set up correctly for what
    > you're trying to do.
    >
    > Paul

    ------------

    In that case, how does the cable modem get the config file every time it boots?

    thanks.
     
  9. Paul

    Paul Flightless Bird

    antares wrote:
    > "Paul" <nospam@needed.com> wrote in message
    > news:i5panp$ijn$1@speranza.aioe.org...
    >> antares wrote:
    >>> "Paul" <nospam@needed.com> wrote in message
    >>> news:i5p5re$m0b$1@news.eternal-september.org...
    >>>> antares wrote:
    >>>>
    >>>>> when I attempted to download config via TFTP, I tried sniff traffic with
    >>>>> Network protocol analyzer, but this doesn't help too much.
    >>>>>
    >>>>> Protocol     IP source       IP destination  Port source  Port destination  Size
    >>>>> UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    >>>>> UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63
    >>>>>
    >>>>> Can I get this Error code 2 "Access violation" in one of the following
    >>>>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
    >>>>> file required, not just file name, c) no permission to download config file.
    >>>>> Or in this cases, another error code will be shown?
    >>>>>
    >>>>> Thanks.
    >>>>>
    >>>> If you look at the actual packet coming back from the server, does
    >>>> it show error 2 ? The packet format is defined here.
    >>>>
    >>>> http://www.networksorcery.com/enp/protocol/tftp.htm
    >>>>
    >>>> The Opcode value would be 0x05 (Error message).
    >>>>
    >>>> The data would be 0x02 (Access violation), if the server
    >>>> is returning an access violation error.
    >>>>
    >>>> The problem could also be locally, when the tftp program is
    >>>> run from the command prompt, and you don't have permission to
    >>>> write in that directory, but somehow I doubt that is the problem.
    >>>> And the error message in that case, might be reported in a
    >>>> different way.
    >>>>
    >>>> Paul
    >>> -------
    >>>
    >>> here is how it look, I used PumpKIN Tftp:
    >>>
    >>> http://img214.imageshack.us/img214/525/pic1ia.jpg
    >>> http://img521.imageshack.us/img521/183/pic2p.jpg
    >>>

    >> In your pic2p.jpg , I can see "0005 0002" near the end of the
    >> second line, and the descriptive text "Access Violation" is attached
    >> on the end of the package for good measure. The server is denying
    >> access to the file. Since the server can deny access
    >> based on IP address filtering, perhaps the access control
    >> on the server hasn't been set up correctly for what
    >> you're trying to do.
    >>
    >> Paul

    > ------------
    >
    > in that case, how cable modem get config file every time it boots?
    >
    > thanks.
    >


    Would the packet header be the same, if the cable modem downloads
    the configuration file, versus you attempting to download that
    file from the LAN side of the modem ? Perhaps the MAC address
    is being used for filtration ?

    TFTP has no authentication as such, but a server could look
    at the packet headers, to determine whether the device is
    authorized.

    Paul
     
  10. antares

    antares Flightless Bird

    "Paul" <nospam@needed.com> wrote in message
    news:i5pep1$mpv$1@speranza.aioe.org...
    > antares wrote:
    >> "Paul" <nospam@needed.com> wrote in message
    >> news:i5panp$ijn$1@speranza.aioe.org...
    >>> antares wrote:
    >>>> "Paul" <nospam@needed.com> wrote in message
    >>>> news:i5p5re$m0b$1@news.eternal-september.org...
    >>>>> antares wrote:
    >>>>>
    >>>>>> when I attempted to download config via TFTP, I tried sniff traffic with
    >>>>>> Network protocol analyzer, but this doesn't help too much.
    >>>>>>
    >>>>>> Protocol     IP source       IP destination  Port source  Port destination  Size
    >>>>>> UDP -> TFTP  xx.xxx.xx.89    xxx.xxx.xxx.68  1053         69                91
    >>>>>> UDP          xxx.xxx.xxx.68  xx.xxx.xx.89    4626         1053              63
    >>>>>>
    >>>>>> Can I get this Error code 2 "Access violation" in one of the following
    >>>>>> cases: a) wrong TFTP server, i.e. this is not TFTP server; b) full path to
    >>>>>> file required, not just file name, c) no permission to download config file.
    >>>>>> Or in this cases, another error code will be shown?
    >>>>>>
    >>>>>> Thanks.
    >>>>>>
    >>>>> If you look at the actual packet coming back from the server, does
    >>>>> it show error 2 ? The packet format is defined here.
    >>>>>
    >>>>> http://www.networksorcery.com/enp/protocol/tftp.htm
    >>>>>
    >>>>> The Opcode value would be 0x05 (Error message).
    >>>>>
    >>>>> The data would be 0x02 (Access violation), if the server
    >>>>> is returning an access violation error.
    >>>>>
    >>>>> The problem could also be locally, when the tftp program is
    >>>>> run from the command prompt, and you don't have permission to
    >>>>> write in that directory, but somehow I doubt that is the problem.
    >>>>> And the error message in that case, might be reported in a
    >>>>> different way.
    >>>>>
    >>>>> Paul
    >>>> -------
    >>>>
    >>>> here is how it look, I used PumpKIN Tftp:
    >>>>
    >>>> http://img214.imageshack.us/img214/525/pic1ia.jpg
    >>>> http://img521.imageshack.us/img521/183/pic2p.jpg
    >>>>
    >>> In your pic2p.jpg , I can see "0005 0002" near the end of the
    >>> second line, and the descriptive text "Access Violation" is attached
    >>> on the end of the package for good measure. The server is denying
    >>> access to the file. Since the server can deny access
    >>> based on IP address filtering, perhaps the access control
    >>> on the server hasn't been set up correctly for what
    >>> you're trying to do.
    >>>
    >>> Paul

    >> ------------
    >>
    >> in that case, how cable modem get config file every time it boots?
    >>
    >> thanks.
    >>

    >
    > Would the packet header be the same, if the cable modem downloads
    > the configuration file, versus you attempting to download that
    > file from the LAN side of the modem ? Perhaps the MAC address
    > is being used for filtration ?
    >
    > TFTP has no authentication as such, but a server could look
    > at the packet headers, to determine whether the device is
    > authorized.
    >
    > Paul

    -----------------------------------


    Can the TFTP server (running on a Linux server) filter IP addresses? When I do
    a request with a DHCP query tool, the server response shows that the IP address
    of the cable modem (PKT:YIAddr) is different from my IP address, which is shown
    in the computer's TCP/IP settings (and when checked on the web). The same goes
    for the gateway and subnet mask.

    > Would the packet header be the same, if the cable modem downloads
    > the configuration file, versus you attempting to download that
    > file from the LAN side of the modem ?


    How to determine this? Specifically, how to check the packet header when the
    cable modem downloads the config file? I tried powering off the modem, waiting,
    then powering on, but the network protocol analyzer didn't show traffic.
     
  11. Paul

    Paul Flightless Bird

    antares wrote:


    > Can the TFTP server (run on Linux server) filter IP addresses? When I do
    > request with DHCP query tool, the Server response show, that IP address
    > of cable modem (PKT:YIAddr) is different from my IP address which shown
    > in computer's TCP/IP settings (and when check on web). The same for
    > Gateway and Subnet mask.


    This server shows some filtering capability, to control what clients
    have access. You can see an example of the configuration window for
    the TFTP server in this picture. At the very least, this window shows
    TCP/IP addresses.

    http://www.tftp-server.com/images/srvconf_2.gif

    >
    >> Would the packet header be the same, if the cable modem downloads
    >> the configuration file, versus you attempting to download that
    >> file from the LAN side of the modem ?

    >
    > How to determine this? Specifically, how to check the packet header
    > when cable modem downloads the config. file? I tried power off modem,
    > wait, then power on, but Network protocol analyzer didn't show traffic.
    >


    It would be pretty difficult, because the packet from the cable modem,
    would be converted to DOCSIS and immediately go over the cable TV wire
    as an RF signal. Pretty hard to fit a packet sniffer there, unless you
    have a way to eavesdrop on the cable signal. Most of the cable modem
    conversation is encrypted, but at the point the configuration file
    is being fetched, there is a good chance that is all in plaintext,
    as the encryption would be set up at registration time. (The modem
    downloads the config file, and registration is the next step in the
    reverse direction. See some online CISCO documentation for example
    details.)

    Paul
     
  12. antares

    antares Flightless Bird

    "Paul" <nospam@needed.com> wrote in message
    news:i5r3md$ssv$1@speranza.aioe.org...
    > antares wrote:
    >
    >
    > > Can the TFTP server (run on Linux server) filter IP addresses? When I do
    > > request with DHCP query tool, the Server response show, that IP address
    > > of cable modem (PKT:YIAddr) is different from my IP address which shown
    > > in computer's TCP/IP settings (and when check on web). The same for
    > > Gateway and Subnet mask.

    >
    > This server shows some filtering capability, to control what clients
    > have access. You can see an example of the configuration window for
    > the TFTP server in this picture. At the very least, this window shows
    > TCP/IP addresses.
    >
    > http://www.tftp-server.com/images/srvconf_2.gif
    >
    > >
    > >> Would the packet header be the same, if the cable modem downloads
    > >> the configuration file, versus you attempting to download that
    > >> file from the LAN side of the modem ?

    > >
    > > How to determine this? Specifically, how to check the packet header
    > > when cable modem downloads the config. file? I tried power off modem,
    > > wait, then power on, but Network protocol analyzer didn't show traffic.
    > >

    >
    > It would be pretty difficult, because the packet from the cable modem,
    > would be converted to DOCSIS and immediately go over the cable TV wire
    > as an RF signal. Pretty hard to fit a packet sniffer there, unless you
    > have a way to eavesdrop on the cable signal. Most of the cable modem
    > conversation is encrypted, but at the point the configuration file
    > is being fetched, there is a good chance that is all in plaintext,
    > as the encryption would be set up at registration time. (The modem
    > downloads the config file, and registration is the next step in the
    > reverse direction. See some online CISCO documentation for example
    > details.)
    >
    > Paul

    ---------

    Some details are not fully clear: so, based on the query response, the cable
    modem has its own IP address, gateway and subnet mask, which have no
    relationship with the network adapter's TCP/IP addressing? So theoretically,
    assume we set a static IP address for the PC network card that is in the same
    subnet as the cable modem, with the same gateway and mask: can we access the
    server? We can't connect to the Internet in this case though.
     
  13. Paul

    Paul Flightless Bird

    antares wrote:

    >
    > some details not fully clear: so, based on query response, cable modem have
    > own IP address, own gateway and subnet mask, which have no any relationship
    > with network adapter's TCP/IP addressing? So theoretically, assume if we set
    > for PC network card static IP address which is in the same subnet with cable
    > modem, same gateway and mask, we can access server? We can't connect to the
    > Internet in this case though.
    >


    Sounds good in theory.

    You should check into the history of this stuff. For example, this hack
    from 2002.

    http://web.archive.org/web/20020601130059/online.securityfocus.com/archive/82/261454

    ( http://www.securityfocus.com/news/353 )

    There are even people doing firmware changes, to make a modem easier to hack.

    http://www.roadrunnerguide.com/files/SIGMA-X2_128. Manual.pdf

    It's all very amusing. But some time has passed, so it isn't likely
    that the same techniques will still work now. How long could a cable
    company stay in the Internet business, if every teenager has uncapped
    the modem, leaving the less technically savvy running at 75 kbit/sec ?
    I think someone would notice the imbalance. The head end equipment
    can probably count bytes/sec and can tell the modem is not operating
    within its profile.

    Paul
     
