ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzamv_5.4.0.1/rzamvtcpstopbootp.htm


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Prevent BOOTP access" />
<meta name="abstract" content="If you do not have any thin clients attached to your network, you do not need to run the BOOTP server on your system." />
<meta name="description" content="If you do not have any thin clients attached to your network, you do not need to run the BOOTP server on your system." />
<meta name="DC.Relation" scheme="URI" content="rzamvtcpbootstrap.htm" />
<meta name="copyright" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="tcpstopbootp" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Prevent BOOTP access</title>
</head>
<body id="tcpstopbootp"><a name="tcpstopbootp"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Prevent BOOTP access</h1>
<div><p>If you do not have any thin clients attached to your network, you
do not need to run the BOOTP server on your system. </p>
<div class="section">The BOOTP server can be used for other devices, but the preferred
solution for those devices is DHCP. Do the following to prevent the BOOTP server
from running:</div>
<ol><li class="stepexpand"><span>To prevent BOOTP server jobs from starting automatically when you
start TCP/IP, type the following: <samp class="codeph">CHGBPA AUTOSTART(*NO)</samp></span> <div class="note"><span class="notetitle">Note:</span> <ol type="a"><li>AUTOSTART(*NO) is the default value.</li>
<li>“Control which TCP/IP servers start automatically” provides
more information about controlling which TCP/IP servers start automatically.</li>
</ol>
</div>
</li>
<li class="stepexpand"><span>To prevent someone from associating a user application, such as
a socket application, with the port that the system normally uses for BOOTP,
do the following:</span> <div class="note"><span class="notetitle">Note:</span> Because DHCP and BOOTP use the same port
number, restricting this port also restricts the port that DHCP uses. Do not restrict
the port if you want to use DHCP.</div>
<ol type="a"><li><span>Type GO CFGTCP to display the Configure TCP/IP menu.</span></li>
<li><span>Select option 4 (Work with TCP/IP port restrictions).</span></li>
<li><span>On the Work with TCP/IP Port Restrictions display, specify option
1 (Add).</span></li>
<li><span>For the lower port range, specify 67.</span></li>
<li><span>For the upper port range, specify *ONLY.</span></li>
</ol>
<div class="note"><span class="notetitle">Note:</span> <ol type="a"><li>The port restriction takes effect the next time that you start TCP/IP.
If TCP/IP is active when you set the port restrictions, you should end TCP/IP
and start it again.</li>
<li>RFC 1700 provides information about common port number assignments.</li>
</ol>
</div>
</li>
<li class="stepexpand"><span>For the protocol, specify *UDP.</span></li>
<li class="stepexpand"><span>For the user profile field, specify a user profile name that is
protected on your system. A protected user profile is a user profile that
does not own programs that adopt authority and does not have a password that
is known by other users. By restricting the port to a specific user, you automatically
exclude all other users.</span></li>
</ol>
</div>
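<div class="section"><p>The same procedure as CL commands, for use in a hardening script instead of the CFGTCP menu. This is an added example, not IBM's code: the profile name NOBOOTP is a hypothetical placeholder, and the CRTUSRPRF and ENDTCPSVR commands are additions that create a protected profile and stop a BOOTP server that is already running.</p>
<pre>
```cl
/* Added example. NOBOOTP is a hypothetical profile name; substitute  */
/* a protected profile that already exists on your system if you      */
/* have one, and skip the CRTUSRPRF command.                          */

/* Protected profile: no password, so nobody can sign on with it, and */
/* newly created, so it owns no programs that adopt authority.        */
CRTUSRPRF USRPRF(NOBOOTP) PASSWORD(*NONE) INLMNU(*SIGNOFF) +
          TEXT('Owner of restricted UDP port 67')

/* Step 1: do not start BOOTP server jobs when TCP/IP starts.         */
CHGBPA AUTOSTART(*NO)

/* Addition: end a BOOTP server that is running now.                  */
ENDTCPSVR SERVER(*BOOTP)

/* Step 2: restrict UDP port 67 (lower 67, upper *ONLY) to the        */
/* protected profile. This also restricts DHCP, which shares the      */
/* port. Do not run this command if the system must serve DHCP.       */
ADDTCPPORT PORT(67 *ONLY) PROTOCOL(*UDP) USRPRF(NOBOOTP)

/* The restriction takes effect the next time TCP/IP starts. If       */
/* TCP/IP is active, end it and start it again (ENDTCP, then STRTCP)  */
/* in a maintenance window, because ENDTCP ends all TCP/IP            */
/* processing on the system.                                          */

/* To review the result: GO CFGTCP, option 4 lists the restriction;   */
/* WRKTCPSTS OPTION(*CNN) should show no listener on local port 67.   */
```
</pre>
</div>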
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="rzamvtcpbootstrap.htm" title="Bootstrap Protocol (BOOTP) provides a dynamic method for associating workstations with servers and assigning workstation IP addresses and initial program load (IPL) sources.">Security considerations for using Bootstrap Protocol server</a></div>
</div>
</div>
</body>
</html>