IP and port numbers

Chuck Bearden cbearden at hpl.lib.tx.us
Thu May 28 11:12:01 EDT 1998


On Thu, 28 May 1998 Kirk_Nims at michcon.com wrote:

> On 5/28 Nick said.-
> 
> Since z39.50 is not widely used, your firewall is probably blocking port
> 210, preventing systems outside the firewall from connecting inside via
> that port.  If everything was working prior to installing the firewall,
> chances are you just need to change the firewall configuration to stop
> filtering port 210.
> 
> -----------------------
> 
> This is my very problem.  Our security and network folks are afraid to
> open ports 210 and 2210 for outbound traffic so I can use z39.50 through
> our firewall.  Does anyone comprehend the security risks of enabling
> traffic over ports 210 and 2210 to support z39.50 activity?  I posted this
> question several weeks ago and had virtually no input.
> 
> TIA
> 
> Kirk Nims
> Librarian
> Michigan Consolidated Gas Co.
> Detroit, MI
> 313-226-9091  knims at michcon.com

The risks of this are difficult to assess without a knowledge of your
network configuration, type of firewall, and threats you perceive from 
outside.  

When you say "traffic over ports 210 and 2210", do you mean traffic
from port 2210 on your machine to port 210 on a remote machine?

My assumption is that z39.50 uses TCP as its transport-layer protocol,
since it is likely to be a session-oriented service.  However, if it
uses UDP, then their concern is understandable, since it is very 
difficult to ensure that UDP is used only for outbound connections.

Chuck Bearden
Network Services Librarian
Houston Public Library
Houston, TX  77002
713/247-2264 (voice)
713/247-1182 (fax)
cbearden at hpl.lib.tx.us
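
Added example, not part of the original message: a model of the TCP/UDP distinction drawn in the reply above, assuming a stateless packet filter that sees only ports and TCP flags. The rule set, the Packet type and all sample packets (client port 40000, target port 5000) are constructed for illustration; only server port 210 comes from the thread.

```python
from dataclasses import dataclass

Z3950_PORT = 210  # server port named in the thread


@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp" or "udp"
    direction: str   # "out" = inside -> outside, "in" = outside -> inside
    src_port: int
    dst_port: int
    syn: bool = False
    ack: bool = False


def stateless_allow(pkt: Packet) -> bool:
    """Hypothetical rule set: let inside clients reach port 210 and get replies."""
    if pkt.direction == "out":
        return pkt.dst_port == Z3950_PORT
    # Inbound traffic must at least claim to come from the server port.
    if pkt.src_port != Z3950_PORT:
        return False
    if pkt.proto == "tcp":
        # A segment that opens a connection has SYN set and ACK clear;
        # every segment of an existing connection carries ACK.
        return pkt.ack
    # UDP has no flags: a reply and an unsolicited datagram look the same,
    # so a filter without per-flow state must admit both or neither.
    return True


# Constructed sample packets.
SAMPLES = {
    "tcp_client_syn": Packet("tcp", "out", 40000, Z3950_PORT, syn=True),
    "tcp_server_synack": Packet("tcp", "in", Z3950_PORT, 40000, syn=True, ack=True),
    "tcp_unsolicited_syn": Packet("tcp", "in", Z3950_PORT, 5000, syn=True),
    "udp_client_query": Packet("udp", "out", 40000, Z3950_PORT),
    "udp_server_reply": Packet("udp", "in", Z3950_PORT, 40000),
    "udp_unsolicited": Packet("udp", "in", Z3950_PORT, 5000),
}


def classify(samples=SAMPLES):
    """Return {sample name: allowed?} for the rule set above."""
    return {name: stateless_allow(pkt) for name, pkt in samples.items()}


if __name__ == "__main__":
    for name, allowed in classify().items():
        print(f"{name:22} {'ALLOW' if allowed else 'DROP'}")
```

The inbound TCP connection attempt is dropped while the inbound unsolicited UDP datagram is admitted, which is the asymmetry the reply points to.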

