mailing list archives
RE: Risk-Port 3270
From: "Nick Vaernhoej" <nick.vaernhoej () capitalcardservices com>
Date: Fri, 7 Dec 2007 14:36:36 -0600
The port number itself is not more or less secure than any other number.
You need to look at the service listening, if it is a web server then
which one? Once you know what you are dealing with it is simpler to
learn how vulnerable you will be.
Is the traffic encrypted? By what means? What client will be connecting?
The "scenario" you are mentioning does not specify anything but opening
port 3270 to a web server. This port number could be anything, think of
it as completely randomly picked. (just for the sake of getting the
question away from the port number itself).
This alone does not give you any information to answer if the traffic
can be sniffed...
"Quidquid latine dictum sit, altum sonatur."
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Kartik
Sent: Friday, December 07, 2007 1:14 PM
To: donge912 () planet nl
Cc: security-basics () securityfocus com
Subject: Re: Risk-Port 3270
Well, Management is asking whether, in this scenario; How secure will
be the traffic? They are asking the probability of data being sniffed.
The problem is that i do not have much info regarding the application.
On 12/8/07, donge912 () planet nl <donge912 () planet nl> wrote:
I think it is hard to tell what the risk is without knowing the
that will be making the connection. That's where the risk might be.
Willem van Dongen
Sr application analyst
Van: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]
Verzonden: vrijdag 7 december 2007 9:24
Aan: security-basics () securityfocus com
Onderwerp: Risk-Port 3270
Recently I got a change request which is to be implemented on the
firewall. The requirement is to allow port 3270 from inside network to
a webserver located in the outside world.
I would like to know the Risk/Threats associated with this change. I
dont know what kind of a data would traverse in this setup but most
likely its going to be something related with financial transactions.
Thanx & Regards
Sr. Specialist- Security
No virus found in this incoming message.
Checked by AVG Free Edition.
Version: 7.5.503 / Virus Database: 269.16.17/1176 - Release Date:
Thanx & Regards
This electronic transmission is intended for the addressee (s) named above. It contains information that is privileged,
confidential, or otherwise protected from use and disclosure. If you are not the intended recipient you are hereby
notified that any review, disclosure, copy, or dissemination of this transmission or the taking of any action in
reliance on its contents, or other use is strictly prohibited. If you have received this transmission in error, please
notify the sender that this message was received in error and then delete this message.