From: H C (keydet89yahoo.com)
Date: Mon Jan 07 2002 - 10:56:41 CST

    This would certainly seem to be the case.

    Have you done any testing? For example, have you
    tried a valid TFTP 'get', and then compared the
    results to an invalid procedure; i.e., one in which
    either the TFTP server doesn't exist, or the file
    requested doesn't exist on the server itself?

    --- "S.G." <sgcchono.com> wrote:
    > When TFTP is run from a Windows NT system (oh, let's say to
    > download an infected file), what would cause it to leave behind an
    > empty TFTP temp file, such as tftp###, which has no size (0 bytes)?
    > Would this indicate a failed download due to firewall blocking or the
    > target system was unavailable, or something else?
    >
    > This happens to be Nimda related (other network traffic pointed to this
    > as well), but I'm more interested in the TFTP temp file behavior on
    > WinNT right now. BTW, the system was not successfully infected.
    > The TFTP Gets were run, but no data seemed to cross the network,
    > though these empty tftp temporary files were created on the client
    > (from where the TFTP Gets were run). Any insight into the cause of
    > this behavior (the 0-byte files) would be much appreciated.
    >
    > S.G.
