Jump to content

3270 Ssl


Recommended Posts


I am trying to simulate hacking attempts on our system we're using 3270 w/ssl to encrypt the data stream.

with security exploits rising threats I wonder If I can use some of the techniques used by HTTP ssl exploits and convert it to 3270 terminals (sslstrip, hijacks)

our public key is static and no access to our private keys

3270 = fancy telnet connection

anyone familiar with 3270 or even telnet ???!!

Link to comment
Share on other sites

We used TN3270 clients where I used to work. It was used just for access to the mainframe and MVS, CICS, IBM stuff, etc. I don't think using SSL strip in this scenario will work, since it would seem that they only allow access via the certificate authentication, they would have to enable the default telnet to work over the same port(which isnt going to happen) or make it so traffic switches from whatever port they use for SSL back to port 23, in which case, if they did their homework, should not allow native telnet in. Otherwise, you don't need SSL, and would be able to just direct any telnet application to port 23 on the system that is using telnet and logon without ssl.

Also, I think ssl strip's intention is to reroute traffic over http transparently to the user, so I highly doubt it would work with the telnet protocol. One is port 80, the other port 23. I've not tried SSL strip, so I'm, not sure how its setup or if you can even change the ports it does its magic on.

Link to comment
Share on other sites

thanks digip,

no we're not using native telnet.

we also use IBM's TN3270 with ssl and port 623 to encrypt the stream but my question is if I have the self-assigned certificate (BTW, it's static and never expires) and I can do MITM attack, will I be able to decrypt, hijack or even downgrade the connection to a terminal ??

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...