TFTP

Risk Level: Medium

Check or Attack Name: tftp

Platforms: TFTP, Solaris: 2.5.1

Description:

TFTP was detected. TFTP performs no authentication before allowing file transfers, so an attacker can gain access to the password file.

Remedy:

Unix: Comment out the tftp entry in /etc/inetd.conf to disable TFTP entirely, or change the entry so that TFTP is restricted from accessing all world-readable files. Then restart inetd.
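
A check for the state of the tftp entry described above, as an added example that is not part of the original advisory. It assumes the restricted form starts the server with "-s <directory>" (an option in.tftpd on Solaris accepts; the advisory does not name one), and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: classify the tftp entry in an inetd configuration file.
# Prints one of: disabled | restricted | unrestricted
# Assumption: "restricted" means the server is started with "-s <directory>".
tftp_entry_status() {
    awk '
        /^[ \t]*#/ { next }              # commented-out entries are inactive
        $1 == "tftp" {
            active = 1
            # fields 1-6: service, socket type, protocol, wait, user, server path
            # fields 7+ : server argv, beginning with argv[0]
            secure = 0
            for (i = 9; i <= NF; i++)
                if ($(i-1) == "-s" && $i ~ /^\//) secure = 1
            if (!secure) open = 1        # any unrestricted entry wins
        }
        END {
            if (!active)   print "disabled"
            else if (open) print "unrestricted"
            else           print "restricted"
        }
    ' "${1:-/etc/inetd.conf}"
}

# Constructed sample entries (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/open.conf" <<'EOF'
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd
EOF
cat > "$demo_dir/restricted.conf" <<'EOF'
tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
EOF
cat > "$demo_dir/disabled.conf" <<'EOF'
#tftp dgram udp wait root /usr/sbin/in.tftpd in.tftpd -s /tftpboot
EOF

for name in open restricted disabled; do
    printf '%s: %s\n' "$name" "$(tftp_entry_status "$demo_dir/$name.conf")"
done
rm -rf "$demo_dir"
```

Run with no argument, the function reads /etc/inetd.conf; the change takes effect only after inetd is restarted.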

References:

CERT Advisory CA-89.05, DEC/Ultrix 3.0 Systems, http://www.cert.org/advisories/CA-89.05.ultrix3.0.hole.html

CERT Advisory CA-91.18, Active Internet tftp Attacks, http://www.cert.org/advisories/CA-91.18.Active.Internet.tftp.Attacks.html

