> 1. Ports are only controlled from the mainframe out. Fact. `I can't do > anything against that.
What are , e.g., PORT, RESTRICTLOWPORTS, chopped liver? Or do you mean that management won't let you do anything? > 2. SMTP (CSSMTP) server is the only authorised user of the port. Then why does IBM document the use of sendmail? > 3. However, SMTP is a text based protocol. Pretty much everything in TCP/IP other than IP and UDP is text based. So what? >Say Hello, FROM;, TO:, text and MINE text, and you go. MAIL FROM:[email protected] 530 5.7.0 Authentication required -- Shmuel (Seymour J.) Metz http://mason.gmu.edu/~smetz3 ________________________________________ From: IBM Mainframe Discussion List <[email protected]> on behalf of ITschak Mugzach <[email protected]> Sent: Wednesday, July 18, 2018 12:51 PM To: [email protected] Subject: Re: What port scan does nd does not tell you Shmuel, 1. Ports are only controlled from the mainframe out. Fact. `I can't do anything against that. 2. SMTP (CSSMTP) server is the only authorised user of the port. 3. However, SMTP is a text based protocol. Say Hello, FROM;, TO:, text and MINE text, and you go. You must try it your self from and to the mainframe. As per the 2rd question you posed, "Are the servers ... configured?" this is the one million dollars question I and many security experts are looking at. Some times it is, most time it's not. Thats life. ITschak On Wed, Jul 18, 2018 at 6:41 PM Seymour J Metz <[email protected]> wrote: > I'm returning here to a previous security topic. > > When a port scan locates an open inbound port, that does not in itself > indicate a security problem. What it indicates is the need to audit the use > of that port. There are two issues that need to be investigated: > > 1. Is the use of the port controlled so that only authorized servers can > use it? > > 2. Are the servers using that port correctly configured? > > As an example, it is okay to have an open port 25, but sendmail or > whatever should be configured to require use of SMTPAUTH. > > > -- > Shmuel (Seymour J.) Metz > http://mason.gmu.edu/~smetz3 > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > -- ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Contiguous Monitoring for Legacy **| * ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
