[TriLUG] preventing X from opening port 6000?

Mike Johnson mike at enoch.org
Wed Mar 13 11:02:16 EST 2002


Geoff Purdy [geoff.purdy at verizon.net] wrote:
 
> Two questions:
> a)  What is the level of risk of my system being compromised through port 
> 6000 while running the X11 service?

Well, it's one more possible way in.  If you're fully updated, you're
probably okay for now.  However, that's not to say there's nothing coming
down the pipe (or not widely known).  And, well, do you -really- need
X listening there?  No.

However, one could probably DoS X without much work.
 
> b)  I believe that if I boot into runlevel 3, I can run 'startx -nolisten 
> tcp' to prevent X from opening port 6000.  How can I configure the system to 
> use the '-nolisten tcp' option when booting directly into X (runlevel 5).

Edit /etc/X11/xdm/Xservers and add your -nolisten tcp to the line there.
So, it should (probably - I'm not gonna exit X right now and try it)
read:
:0 local /usr/X11R6/bin/X -nolisten tcp

Mike
-- 
"Let the power of Ponch compel you!  Let the power of Ponch compel you!"
   -- Zorak on Space Ghost

GNUPG Key fingerprint = ACD2 2F2F C151 FB35 B3AF  C821 89C4 DF9A 5DDD 95D1
GNUPG Key = http://www.enoch.org/mike/mike.pubkey.asc
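
The check described in the reply above, as an added example that is not part of the original post: it audits an xdm Xservers file for local server lines missing `-nolisten tcp`, then filters `ss -ltn` output for X's TCP ports. The function names are hypothetical, and the 6000-6063 port range (6000 plus display number) and the availability of `ss` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).

# check_xservers FILE
# Prints every local X server entry that lacks "-nolisten tcp" as
# "LINE_NUMBER: original line". Returns 1 if any such entry exists.
check_xservers() {
    awk '
        /^[[:space:]]*#/ || NF == 0 { next }   # skip comments and blank lines
        {
            is_local = 0; hardened = 0
            for (i = 2; i <= NF; i++) {
                # Entry layout: display [class] type command args...
                # so the type keyword sits in field 2 or field 3.
                if ((i == 2 || i == 3) && $i == "local") is_local = 1
                # The option only counts as the exact pair "-nolisten tcp".
                if ($i == "-nolisten" && $(i + 1) == "tcp") hardened = 1
            }
            if (is_local && !hardened) { print NR ": " $0; bad = 1 }
        }
        END { exit bad + 0 }
    ' "$1"
}

# x_tcp_listeners
# Reads "ss -ltn" style output on stdin and prints each listening local
# address whose port falls in the assumed X11 range 6000-6063.
x_tcp_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":")     # port is the text after the last colon
        port = part[n] + 0
        if (port >= 6000 && port <= 6063) print $4
    }'
}

# Typical use after editing the file and restarting the display manager:
#   check_xservers /etc/X11/xdm/Xservers && echo "all local servers hardened"
#   ss -ltn | x_tcp_listeners     # no output means nothing listens on 6000+
```

An entry that passes the file check can still be overridden elsewhere (for example by a different display manager's own server command line), so the listener check on the running system is the one that settles it.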