3270 Ssl

[hornet1]

Hi,

I am trying to simulate hacking attempts on our system we're using 3270 w/ssl to encrypt the data stream.

with security exploits rising threats I wonder If I can use some of the techniques used by HTTP ssl exploits and convert it to 3270 terminals (sslstrip, hijacks)

our public key is static and no access to our private keys

3270 = fancy telnet connection

anyone familiar with 3270 or even telnet ???!!

[digip]

We used TN3270 clients where I used to work. It was used just for access to the mainframe and MVS, CICS, IBM stuff, etc. I don't think using SSL strip in this scenario will work, since it would seem that they only allow access via the certificate authentication, they would have to enable the default telnet to work over the same port(which isnt going to happen) or make it so traffic switches from whatever port they use for SSL back to port 23, in which case, if they did their homework, should not allow native telnet in. Otherwise, you don't need SSL, and would be able to just direct any telnet application to port 23 on the system that is using telnet and logon without ssl.

Also, I think ssl strip's intention is to reroute traffic over http transparently to the user, so I highly doubt it would work with the telnet protocol. One is port 80, the other port 23. I've not tried SSL strip, so I'm, not sure how its setup or if you can even change the ports it does its magic on.

[hornet1]

thanks digip,

no we're not using native telnet.

we also use IBM's TN3270 with ssl and port 623 to encrypt the stream but my question is if I have the self-assigned certificate (BTW, it's static and never expires) and I can do MITM attack, will I be able to decrypt, hijack or even downgrade the connection to a terminal ??