Mailinglist Archive: opensuse-security (343 mails)

Re: [suse-security] Block port 6000
  • From: Adilson Guilherme Vasconcelos Ribeiro <adilson@xxxxxxxxxxx>
  • Date: Wed, 11 Jul 2001 11:19:08 -0300 (BRT)
  • Message-id: <Pine.LNX.4.31.0107111110370.622-100000@xxxxxxxxxxxxxxxxxxxxx>
On Wed, 11 Jul 2001 dog@xxxxxxxxx wrote:

> I don't think that there is a way to keep X from listening on port 6000 (or
> some port) since it is a server running on your machine. It has to bind
> to a port and then the client connects to that port. That is why you can
> have multiple X sessions, running on different ports. If you don't want
> anything running on port 6000, don't run X. If you just don't want anyone
> else but yourself to connect to it, do
> ipchains -A input -s ! 127.0.0.1 -p tcp --dport 6000 -j REJECT

hi

actually, you can keep X from binding on port 6000

call it as

X -nolisten TCP

or startx -- -nolisten TCP

or change in the Xservers file (/etc/X11/xdm/Xserver IIRC)

the line that calls the x server for xdm login

and it won't bind to the port 6000 + session number

as a test, see my netstat output, i have 3 X sessions running, one
of them with the nolisten clause

adilson@linux:~ > netstat -tuan
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:1024            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6002            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN

port 6000 listening is the first X session, port 6002 is the 3rd session,
the second session has no port bound

best regards
Adilson Ribeiro
PS: no one really will connect to your server via tcp/ip, not even
yourself :) you will have to do that with the :session notation, without
the hostname (the hostname implies network connection)
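
An added example, not part of the original message: a small shell audit that reads netstat output like the listing above and reports which X displays still accept TCP, using the "6000 + session number" mapping from the message. The function names, the 0-63 display range and the sample lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: find X displays that still listen on TCP.
# Assumption: display N listens on TCP port 6000+N; displays 0-63 are checked.

# Constructed sample, modelled on the netstat listing in the message above.
# The 127.0.0.1:6010 line is constructed to show a loopback-only listener.
SAMPLE='Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:1024 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6000 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6002 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN'

# x_tcp_displays: read "netstat -tan" style text on stdin and print one line
# per listening X display in the form ":<display> <port> <exposed|loopback>".
x_tcp_displays() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")      # port is the last ":" field
            port = parts[n] + 0
            if (port < 6000 || port > 6063) next
            # Everything before the final ":port" is the bind address.
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            if (host ~ /^127\./ || host == "::1" || host == "[::1]")
                scope = "loopback"
            else
                scope = "exposed"
            printf ":%d %d %s\n", port - 6000, port, scope
        }'
}

# x_tcp_exposed: exit status 0 when no X display is reachable from other
# hosts, 1 when at least one is bound to a non-loopback address.
x_tcp_exposed() {
    ! x_tcp_displays | grep -q ' exposed$'
}

# Demonstration on the constructed sample; on a live host use:
#   netstat -tan | x_tcp_displays
printf '%s\n' "$SAMPLE" | x_tcp_displays
```

On the sample this reports displays :0 and :2 as exposed. A packet-filter rule written only for port 6000 would leave :2 (port 6002) uncovered, which starting each server with -nolisten avoids.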

