


We use the "Secure only" option for Telnet, (under the General tab of
TELNET Properties) which effectively turns off port 23.

IP Packet rules can give you an additional layer of security and they're
very easy to implement using statements like these:

FILTER SET Users ACTION = PERMIT DIRECTION = * SRCADDR = nnn.nnn.nnn.nnn DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = OFF

FILTER SET InboundTelnet ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = nnn.nnn.nnn.nnn PROTOCOL = TCP DSTPORT = 23 SRCPORT = * JRN = OFF

FILTER SET Block ACTION = DENY DIRECTION = INBOUND SRCADDR = * DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = FULL

Access the packet rules editor using the System i Navigator under
Network/IP Policies. Be sure to create a rule allowing your workstation
first, or you could end up locked out completely!

More info is at:
http://as400bks.rochester.ibm.com/iseries/v5r1/ic2924/info/rzajb/rzajb000.pdf

Regards,

Scott Ingvaldson
Senior IBM Support Specialist
Midwest Region Data Center
Fiserv.


-----Original Message-----
From: Scott Klement [mailto:midrange-l@xxxxxxxxxxxxxxxx]
Sent: Tuesday, August 24, 2010 11:38 PM
To: Midrange Systems Technical Discussion
Subject: Re: Securing port 23

(confused) What do you mean by "turned off port 23" if you haven't
already blocked it through the firewall? If you have blocked it
through the firewall, then you've already secured it from beyond the
firewall, haven't you?

Why do you want/need unsecured telnet, anyway?!


Trevor Perry wrote:
I have a customer who has turned off port 23 and only uses SSL. We
have a requirement where we must use port 23 for unsecured telnet.
How can I ensure that opening port 23 does not expose telnet beyond
their DMZ/firewall?
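
Added example, not part of the original messages: a small Python check that replays constructed packets against the three FILTER statements quoted above, assuming first-match, top-to-bottom evaluation and a default deny for unmatched traffic. The addresses 192.0.2.10, 198.51.100.5 and 203.0.113.77 are constructed stand-ins for the nnn.nnn.nnn.nnn placeholders, and port 992 is the standard secure Telnet port.

```python
import re

# The three statements from the message. The nnn.nnn.nnn.nnn placeholders are
# replaced with constructed documentation addresses (assumptions).
RULES = """
FILTER SET Users ACTION = PERMIT DIRECTION = * SRCADDR = 192.0.2.10 DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = OFF
FILTER SET InboundTelnet ACTION = PERMIT DIRECTION = INBOUND SRCADDR = * DSTADDR = 198.51.100.5 PROTOCOL = TCP DSTPORT = 23 SRCPORT = * JRN = OFF
FILTER SET Block ACTION = DENY DIRECTION = INBOUND SRCADDR = * DSTADDR = * PROTOCOL = * DSTPORT = * SRCPORT = * JRN = FULL
"""
FIELDS = ("DIRECTION", "SRCADDR", "DSTADDR", "PROTOCOL", "DSTPORT", "SRCPORT")

def parse_rules(text):
    """Turn each FILTER SET line into a dict of its KEY = value pairs."""
    rules = []
    for line in text.strip().splitlines():
        name = re.match(r"FILTER SET (\S+)", line).group(1)
        rules.append({"SET": name, **dict(re.findall(r"(\w+) = (\S+)", line))})
    return rules

def evaluate(rules, packet):
    """Return (set name, action) of the first rule that matches the packet."""
    for rule in rules:
        if all(rule[f] in ("*", str(packet[f])) for f in FIELDS):
            return rule["SET"], rule["ACTION"]
    return None, "DENY"  # assumption: traffic matching no rule is dropped

def pkt(src, dst, port, direction="INBOUND", proto="TCP", sport=40000):
    """Build a constructed test packet."""
    return {"DIRECTION": direction, "SRCADDR": src, "DSTADDR": dst,
            "PROTOCOL": proto, "DSTPORT": port, "SRCPORT": sport}

def audit(rules):
    """Replay constructed packets and report which rule decides each one."""
    host = "198.51.100.5"
    return {
        "workstation to 992": evaluate(rules, pkt("192.0.2.10", host, 992)),
        "other host to 23": evaluate(rules, pkt("203.0.113.77", host, 23)),
        "other host to 992": evaluate(rules, pkt("203.0.113.77", host, 992)),
    }

if __name__ == "__main__":
    rules = parse_rules(RULES)
    for case, verdict in audit(rules).items():
        print(f"{case}: {verdict}")
    # Without the workstation rule, the same workstation falls through to Block.
    print("no Users rule:", evaluate(rules[1:], pkt("192.0.2.10", "198.51.100.5", 992)))
```

Under these assumptions the second case is decided by InboundTelnet, whose SRCADDR = * matches any source address, and dropping the Users rule sends the workstation's own traffic to Block, which is the lockout the message warns about.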




This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
