Client Access will work without port 449 (Server Mapper) if you set the Connection Properties in iSeries Navigator, under "Where to look up port" to "Standard" or "Local" (from the default "Server", which is when it uses port 449 to find what ports other Client Access services are running on).

...Neil

James Rich <james@xxxxxxxxxxx>
Sent by: midrange-l-bounces@xxxxxxxxxxxx
2005/05/23 15:58
To Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
cc
Subject Re: Ports to block to limit the use of Client access Data transfer Facility

On Mon, 23 May 2005 rob@xxxxxxxxx wrote:

> I think trying to control it by controlling which emulator people use is a
> bad thing. Then you'd have to scan every pc that attached to your lan for
> IBM's client access on a continual basis. All it would take is one copy
> to break into the fort. Better to control it on the server.

I agree that controlling server access should be done on the server. One of the ways this can be accomplished is by blocking all unnecessary ports. For simple 5250 access, port 23 (or 992 if using SSL) is all that is needed. Specifically, port 449 is not needed. But client access won't work unless that port is open.

Therefore, imo the best approach is two-fold: block all ports except 23 (or 992) and don't use client access. Since 449 is not open client access won't work, so you don't need to scan for it. And the only thing that will work is plain old 5250. As I see it, you have accomplished three things:

1. closed more ports making security easier
2. probably saved some money on licensing
3. made your life simpler

All my opinion of course (I have a bit of a bias regarding 5250 emulation)

James Rich
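
The point made in this thread, that closing port 449 alone does not stop Client Access when the client uses "Standard" or "Local" port lookup, can be checked against a firewall with the following added example (not code from the list or from IBM). The host-server port numbers 8470-8476 and their SSL counterparts 9470-9476 are an assumption taken from the standard iSeries service table, not from the thread, and the sample port sets are constructed.

```python
import socket

TELNET_5250 = {23, 992}   # from the thread: plain 5250 / 5250 over SSL
SERVER_MAPPER = 449       # from the thread: used when lookup is "Server"

# Assumption (not from the thread): standard host-server port assignments.
HOST_SERVERS = {
    8470: "as-central", 8471: "as-database", 8472: "as-dtaq",
    8473: "as-file", 8474: "as-netprt", 8475: "as-rmtcmd", 8476: "as-signon",
}
# SSL variants sit 1000 higher and carry an "-s" suffix.
HOST_SERVERS.update({p + 1000: n + "-s" for p, n in list(HOST_SERVERS.items())})


def probe(host, ports, timeout=1.0):
    """Return the subset of ports on your own server that accept a TCP connection."""
    reachable = set()
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout):
                reachable.add(port)
        except OSError:
            pass
    return reachable


def assess(reachable):
    """Judge a set of reachable ports against the 5250-only policy."""
    reachable = set(reachable)
    servers = sorted(p for p in reachable if p in HOST_SERVERS)
    return {
        "5250_available": bool(reachable & TELNET_5250),
        "unexpected": sorted(reachable - TELNET_5250),
        # "Server" lookup needs the mapper plus the host servers it points to.
        "client_access_server_lookup": SERVER_MAPPER in reachable and bool(servers),
        # "Standard"/"Local" lookup skips 449 and contacts host servers directly.
        "client_access_standard_lookup": bool(servers),
        "host_servers": [HOST_SERVERS[p] for p in servers],
    }


# Constructed samples: 449 blocked but host servers left open; 5250 only.
SAMPLE_449_ONLY_BLOCKED = {23, 8470, 8471, 8476}
SAMPLE_LOCKED_DOWN = {23, 992}

if __name__ == "__main__":
    for name, ports in [("449 blocked only", SAMPLE_449_ONLY_BLOCKED),
                        ("5250 only", SAMPLE_LOCKED_DOWN)]:
        print(name, assess(ports))
```

To check a live system, pass the result of `probe()` run from a client network segment against your own server into `assess()`.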
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited.