Mailinglist Archive: opensuse-security (605 mails)
Re: [suse-security] port security
- From: dproc <dproc@xxxxxxx>
- Date: Wed, 17 Oct 2001 20:48:25 -0400
- Message-id: <20011017204825.A15680@xxxxxxxxxxxxxxx>
On Tue, 16 Oct 2001, Mauricio Latorre wrote:
> Use a firewall to avoid packets from Internet to ports 6000 and 1024.
> Restrict the IPs that can login at SSH (port 22)
>
> <hub4asc0
>
> ----- Original Message -----
> From: "Marios Marti" <mchu6mm3@xxxxxxxxxxx>
> Date: Tuesday, October 16, 2001 8:34 am
> Subject: [suse-security] port security
>
> > Hi
> > I have cut down the number of ports open to 3
> > 22 SSH
> > 1024 kdm (when a user is logged on)
> > 6000 X11
> >
> > I was wondering if these ports are secure enough and if not if

In addition to those answers, imho you should also close off
the ports at the application level if possible.

At least for X11 and for xdm these are faqs (see for example
a thread in Aug 2000 -- Roman Drahtmueller and Corvin
Russell posted the answers which worked for me) -- I don't
remember seeing an answer for kdm (I don't use it.)

If you are using X (XFree86) only locally or over SSH then you can
(and should) close it down to the network -- add

    -nolisten tcp

to each line in .../X11/xdm/Xservers
or the kdm equivalent.

Don't forget that you can easily open additional X servers, they
typically take ports 6001 and up. -nolisten and reasonable
firewall rules will protect those too.

And you don't need the answer for xdm -- I hope that there
is something like this you could add to the config file for kdm:

    DisplayManager.requestPort: 0

dproc
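
An added example, not part of the original post: a small shell audit for the X11 hardening described in the message above. It assumes the caller supplies the Xservers path (the post elides it), a Linux /proc/net/tcp table, and a port range of 6000-6063 chosen for this example; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit for "-nolisten tcp" and for X servers still
# listening on TCP. Function names and the 6000-6063 range are
# assumptions made for this example, not taken from the post.

# Print every "local" server line in an Xservers file that does not
# pass "-nolisten tcp" to the X server. $1 = path to the Xservers file.
xservers_missing_nolisten() {
    awk '
        /^[ \t]*#/ || NF < 3           { next }  # comments, short lines
        $2 != "local" && $3 != "local" { next }  # $2 may be a display class
        {
            ok = 0
            for (i = 3; i < NF; i++)
                if ($i == "-nolisten" && $(i + 1) == "tcp") ok = 1
            if (!ok) print                       # offending line, unchanged
        }
    ' "$1"
}

# Print TCP ports in 6000-6063 that are in LISTEN state (st == 0A).
# $1 = file in /proc/net/tcp format; defaults to the live IPv4 table.
# Run it again on /proc/net/tcp6 to cover IPv6 listeners.
x11_tcp_listeners() {
    awk 'NR > 1 && $4 == "0A" { split($2, a, ":"); print a[2] }' \
        "${1:-/proc/net/tcp}" |
    while read -r hex; do
        port=$(printf '%d' "0x$hex")             # port is stored as hex
        if [ "$port" -ge 6000 ] && [ "$port" -le 6063 ]; then
            echo "$port"
        fi
    done
}

# Usage (paths are the caller's to supply):
#   xservers_missing_nolisten /path/to/Xservers
#   x11_tcp_listeners
```

Empty output from both functions means every locally started server carries the flag and nothing is listening in the X11 port range.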