Thanks for all your replies but we found that blocking ports 8471 and 9471 will 
block the data transfer nad ODBC processes..We were able to do this for specfic 
groups
  ----- Original Message ----- 
  From: rob@xxxxxxxxx 
  To: Midrange Systems Technical Discussion 
  Sent: Monday, May 23, 2005 3:46 PM
  Subject: Re: Ports to block to limit the use of Client access Data 
transferFacility


  James,

  I think trying to control it by controlling which emulator people use is a 
  bad thing.  Then you'd have to scan every pc that attached to your lan for 
  IBM's client access on a continual basis.  All it would take is one copy 
  to break into the fort.  Better to control it on the server.

  Rob Berendt
  -- 
  Group Dekko Services, LLC
  Dept 01.073
  PO Box 2000
  Dock 108
  6928N 400E
  Kendallville, IN 46755
  http://www.dekko.com





  James Rich <james@xxxxxxxxxxx> 
  Sent by: midrange-l-bounces@xxxxxxxxxxxx
  05/23/2005 01:53 PM
  Please respond to
  Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>


  To
  Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
  cc

  Subject
  Re: Ports to block to limit the use of Client access Data transfer 
  Facility






  On Mon, 23 May 2005, John Candidi wrote:

  > Does anyone know which port on this list: (you'l have to paste the 2nd 
  > line to the end of the address on the first line to get the correct 
  > site)
  >
  > 
  http://www-912.ibm.com/s_dir/slkbase.nsf/1ac66549a21402188625680b0002037e/ac

  > c12fda96496e4b8625668f007ab75f?OpenDocument&Highlight=0,firewall
  >
  > Needs to be blocked to limit the use of data transfer functionality or 
  even
  > how to limit by user profile on the iSeries.

  I think if you use just ports 23 and 449 CA will still work, but not do 
  data transfer.  But perhaps a simpler solution is to not use client 
  access?  Other emulators use fewer ports, run faster, and use fewer 
  resources.  Some even have very agreeable licenses (i.e. GPL).

  James Rich

  It's not the software that's free; it's you.
                   - billyskank on Groklaw
  -- 
  This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing 
  list
  To post a message email: MIDRANGE-L@xxxxxxxxxxxx
  To subscribe, unsubscribe, or change list options,
  visit: http://lists.midrange.com/mailman/listinfo/midrange-l
  or email: MIDRANGE-L-request@xxxxxxxxxxxx
  Before posting, please take a moment to review the archives
  at http://archive.midrange.com/midrange-l.


  -- 
  This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
  To post a message email: MIDRANGE-L@xxxxxxxxxxxx
  To subscribe, unsubscribe, or change list options,
  visit: http://lists.midrange.com/mailman/listinfo/midrange-l
  or email: MIDRANGE-L-request@xxxxxxxxxxxx
  Before posting, please take a moment to review the archives
  at http://archive.midrange.com/midrange-l.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.