Security Basics mailing list archives

Re: Risk-Port 3270


From: "Michael R. Martinez" <mike () security-bounce com>
Date: Fri, 7 Dec 2007 21:14:40 +0000

If you're trying to figure out what is listening run nmap against it: nmap -v -T5 -A x.x.x.x -p3270 or telnet to the 
port and see if you can grab a banner, or run netcat and tack "z" against that port. The probability of someone 
sniffing that port or exploiting a vulnerability is as probable as you feel your security is. If it's that big of a deal, 
try limiting access to that port based on the principle of least privilege, meaning if it is a connection for a server to 
use, ACL out any other access to that port. If it is financial info you shouldn't just "open" the port, you should use 
some encryption, but sniffing is more likely internally than externally. By convention you should never open a port unless 
there is a business need and in this case encrypted. I can go on for days regarding this scenario as I have had the 
same requests in the past. I wouldn't do it until I got more info.

Cheers,

Mike
Michael R. Martinez
TF: 800-987-7307

-----Original Message-----
From: Kartik <kartik.netsec () gmail com>

Date: Fri, 7 Dec 2007 13:54:05
To: security-basics () securityfocus com
Subject: Risk-Port 3270


Hi,

Recently I got a change request which is to be implemented on the
firewall. The requirement is to allow port 3270 from inside network to
a webserver located in the outside world.
I would like to know the Risk/Threats associated with this change. I
don't know what kind of data would traverse in this setup but most
likely it's going to be something related with financial transactions.

-- 
Thanx & Regards
Kartik
Sr. Specialist- Security
www.hcl.in
