#8
4th March 2014
jggimi
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 7,977

PXE booting uses two protocols: DHCP and TFTP.

DHCP requests begin as broadcasts, and broadcast traffic by its nature is not routable. The system being booted requires either a local DHCP server on the same subnet, or it requires a DHCP-relay server on the same subnet to relay requests to a central DHCP server elsewhere. Remember, DHCP servers assign IP addresses, define routes, and provide other network configurations to platforms, and are almost always local to the subnet where the devices being configured are connected.

The TFTP protocol is routable, as it rides atop UDP. But, it is TFTP. From a security perspective, keep in mind what this could mean if you are using insecure network connections, such as the Internet: TFTP has no authentication, and packets are transmitted in plaintext. MITM attacks are possible, even if those attacks are low odds.
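To make the point about TFTP concrete, here is an added example (not part of the post above) that decodes TFTP packets using the RFC 1350 layout and returns what anyone able to see the UDP traffic can read. The sample packets, file name and file contents are constructed for illustration.

```python
import struct

OPCODES = {1: "RRQ", 2: "WRQ", 3: "DATA", 4: "ACK", 5: "ERROR"}  # RFC 1350

def parse_tftp(packet: bytes) -> dict:
    """Decode one TFTP packet into its fields."""
    if len(packet) < 4:
        raise ValueError("packet too short for TFTP")
    opcode, = struct.unpack("!H", packet[:2])
    name, body = OPCODES.get(opcode), packet[2:]
    if name is None:
        raise ValueError(f"unknown TFTP opcode {opcode}")
    if name in ("RRQ", "WRQ"):
        # Layout: filename NUL mode NUL [option NUL value NUL]...
        # Every field is plain text; none carries a credential or integrity check.
        if not body.endswith(b"\0"):
            raise ValueError("request is not NUL-terminated")
        parts = [p.decode("ascii", "replace") for p in body[:-1].split(b"\0")]
        if len(parts) < 2 or len(parts) % 2:
            raise ValueError("malformed request")
        filename, mode, *opts = parts
        return {"op": name, "filename": filename, "mode": mode.lower(),
                "options": dict(zip(opts[::2], opts[1::2]))}
    number, = struct.unpack("!H", body[:2])  # block number or error code
    if name == "DATA":
        return {"op": name, "block": number, "data": body[2:]}
    if name == "ACK":
        return {"op": name, "block": number}
    msg = body[2:].rstrip(b"\0").decode("ascii", "replace")
    return {"op": name, "code": number, "message": msg}

def on_path_view(packets):
    """Return what any observer of the UDP traffic can read: names and content."""
    files, blocks = [], {}
    for raw in packets:
        p = parse_tftp(raw)
        if p["op"] == "RRQ":
            files.append(p["filename"])
        elif p["op"] == "DATA":
            blocks[p["block"]] = p["data"]
    return files, b"".join(blocks[n] for n in sorted(blocks))

# Constructed sample transfer (file name and contents are made up).
SAMPLE = [
    b"\x00\x01boot/loader.cfg\x00octet\x00",
    b"\x00\x03\x00\x01kernel /vmlinuz\n",
    b"\x00\x04\x00\x01",
    b"\x00\x03\x00\x02append root=/dev/sda1\n",
]

if __name__ == "__main__":
    print(on_path_view(SAMPLE))
```

The request decodes to a file name, a mode and optional negotiated options only, which is why a client booting over an untrusted path has no protocol-level way to tell whose data it received.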