Shmuel,
1. Ports are only controlled from the mainframe out. Fact. `I can't do anything against that. 2. SMTP (CSSMTP) server is the only authorised user of the port. 3. However, SMTP is a text based protocol. Say Hello, FROM;, TO:, text and MINE text, and you go. You must try it your self from and to the mainframe. As per the 2rd question you posed, "Are the servers ... configured?" this is the one million dollars question I and many security experts are looking at. Some times it is, most time it's not. Thats life. ITschak On Wed, Jul 18, 2018 at 6:41 PM Seymour J Metz <[email protected]> wrote: > I'm returning here to a previous security topic. > > When a port scan locates an open inbound port, that does not in itself > indicate a security problem. What it indicates is the need to audit the use > of that port. There are two issues that need to be investigated: > > 1. Is the use of the port controlled so that only authorized servers can > use it? > > 2. Are the servers using that port correctly configured? > > As an example, it is okay to have an open port 25, but sendmail or > whatever should be configured to require use of SMTPAUTH. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Contiguous Monitoring for Legacy **| * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
