On Tue, 16 Oct 2001, Mauricio Latorre wrote:
Use a firewall to avoid packets from Internet to ports 6000 and 1024. Restrict the IPs that can login at SSH (port 22)
----- Original Message ----- From: "Marios Marti"
Date: Tuesday, October 16, 2001 8:34 am Subject: [suse-security] port security Hi I have cut down the number of ports open to 3 22 SSH 1024 kdm (when a user is logged on) 6000 X11
I was wondering if these ports are secure enough and if not if
In addition to those answers, imho you should also close off the ports at the application level if possible. At least for X11 and for xdm these are faqs (see for example a thread in Aug 2000 -- Roman Drahtmueller and Corvin Russell posted the answers which worked for me) -- I don't remember seeing an answer for kdm (I don't use it.) If you are using X (XFree86) only locally or over SSH then you can (and should) close it down to the network -- add -nolisten tcp to each line in .../X11/xdm/Xservers or the kdm equivalent. Don't forget that you can easily open additional X servers, they typically take ports 6001 and up. -nolisten and reasonable firewall rules will protect those too. And you don't need the answer for xdm -- I hope that there is something like this you could add to the config file for kdm: DisplayManager.requestPort: 0 dproc