Mailinglist Archive: opensuse-security (141 mails)
Re: [suse-security] Ports that shouldn't be open
- From: Deirdre Saoirse <deirdre@xxxxxxxxxxx>
- Date: Wed, 1 Dec 1999 21:48:17 -0800 (PST)
- Message-id: <Pine.LNX.4.21.9912012146520.25547-100000@xxxxxxxxxxxxxxxxxx>
On Wed, 1 Dec 1999, Daniel L. Donahue wrote:
> On Wed, 1 Dec 1999, Deirdre Saoirse wrote:
> > Also, why does SuSE default to having port 6000 open when X is running
> > (and how can I shut this off without a firewall)? Other Linux distros
> > don't do this.
> Actually, I think most distros do this, because XFree86 by default
> does this. There are two things that I know of you can do; one is run
> xauth/xhost (read the man pages) and restrict access to your x server. The
> other is to ipchains deny all packets to that connection.
NONE of the other distros I've seen show it listening on port 6000!
And the point is kinda moot: if xhost - means that it's still listening on
port 6000, the problem isn't solved.
> I usually use this line, since I don't need remote x capabilities:
> ipchains -A input -p TCP -i eth0 -s ! localhost -d 0/0 6000 -j DENY
But this is a firewall. If you'll note, I asked how to do it WITHOUT a
firewall.
--
_Deirdre * http://www.linuxcabal.net * http://www.deirdre.net
My three rules for happy living: No Windows, No Java, No Perl.
"I'd love to have the green paint concession on the next Matrix movie."
-- Rick Moen
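
A check for the condition argued over in this message, added here as an example and not part of the original post: it reads the kernel's IPv4 socket table and reports whether an X server is listening on TCP 6000+N, and whether that socket is bound to loopback only or to a network-reachable address. The function names, the 64-display scan range and the sample table are assumptions made for the example.

```python
import socket
import struct

X11_BASE_PORT = 6000   # display :N listens on TCP 6000+N
MAX_DISPLAYS = 64      # assumption: scan displays :0 to :63
TCP_LISTEN = "0A"      # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (little-endian host, e.g. x86)
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1770 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001
   1: 0100007F:1771 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002
   2: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003
   3: 0A00000A:1770 0B00000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1004
"""

def decode_ipv4(hex_addr):
    """Decode the kernel's hex IPv4 field (stored little-endian on x86)."""
    return socket.inet_ntoa(struct.pack("<I", int(hex_addr, 16)))

def x11_tcp_listeners(proc_net_tcp_text):
    """Return [(display, bind_address, remotely_reachable)] for X11 TCP listeners."""
    found = []
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue                                  # only listening sockets
        hex_addr, hex_port = fields[1].split(":")
        port = int(hex_port, 16)
        if not X11_BASE_PORT <= port < X11_BASE_PORT + MAX_DISPLAYS:
            continue                                  # not an X11 display port
        addr = decode_ipv4(hex_addr)
        found.append((port - X11_BASE_PORT, addr, not addr.startswith("127.")))
    return found

if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as table:          # live table on Linux
            text = table.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP                    # fall back to the sample
    for display, addr, remote in x11_tcp_listeners(text):
        print(f"display :{display} bound to {addr}:",
              "reachable from the network" if remote else "loopback only")
```

The result is independent of xhost settings and packet-filter rules, since it looks only at whether the socket exists and where it is bound. It covers IPv4 only; IPv6 listeners are in `/proc/net/tcp6`, which uses a different address encoding.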