ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpstoptftp.htm

67 lines
4.3 KiB
HTML
Raw Normal View History

2024-04-02 14:02:31 +00:00
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Prevent TFTP access" />
<meta name="abstract" content="This article discusses the steps for preventing users from accessing the TFTP server." />
<meta name="description" content="This article discusses the steps for preventing users from accessing the TFTP server." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcptftp.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpstoptftp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Prevent TFTP access</title>
</head>
<body id="tcpstoptftp"><a name="tcpstoptftp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Prevent TFTP access</h1>
<div><p>This article discusses the steps for preventing users from accessing
the TFTP server.</p>
<div class="section">If you do not have any thin clients attached to your network, you
probably do not need to run the TFTP server on your system. Do the following
to prevent the TFTP server from running:</div>
<ol><li class="stepexpand"><span>To prevent TFTP server jobs from starting automatically when you
start TCP/IP, type the following: <kbd class="userinput">CHGTFTPA AUTOSTART(*NO)</kbd></span> <p>AUTOSTART(*NO) is the default value.</p>
</li>
<li class="stepexpand"><span>To prevent someone from associating a user application, such as
a socket application, with the port that the system normally uses for TFTP,
do the following:</span><ol type="a"><li class="substepexpand"><span>Type <kbd class="userinput">GO CFGTCP</kbd> to display the <span class="uicontrol">Configure
TCP/IP</span> menu.</span></li>
<li class="substepexpand"><span>Select option <span class="uicontrol">4</span> (Work with TCP/IP port
restrictions).</span></li>
<li class="substepexpand"><span>On the Work with TCP/IP Port Restrictions display, specify option <span class="uicontrol">1</span> (Add).</span></li>
<li class="substepexpand"><span>For the lower port range, specify <kbd class="userinput">69</kbd>.</span></li>
<li class="substepexpand"><span>For the upper port range, specify <kbd class="userinput">*ONLY</kbd>.</span> <div class="note"><span class="notetitle">Note:</span> The port restriction takes effect the next time that you start
TCP/IP. If TCP/IP is active when you set the port restrictions, you should
end TCP/IP and start it again.</div>
</li>
<li class="substepexpand"><span>For the protocol, specify <kbd class="userinput">*UDP</kbd>.</span></li>
<li class="substepexpand"><span>For the user profile field, specify a user profile name that
is protected on your system. (A protected user profile is a user profile that
does not own programs that adopt authority and does not have a password that
is known by other users.) By restricting the port to a specific user, you
automatically exclude all other users.</span></li>
</ol>
</li>
</ol>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcptftp.htm" title="These articles discuss methods for securing the TFTP server for authorized users and preventing access to the TFTP server.">Security considerations for using TFTP server</a></div>
</div>
</div>
</body>
</html>