[TriLUG] preventing X from opening port 6000?

Jon Carnes jonc at nc.rr.com
Wed Mar 13 11:38:56 EST 2002


Another option you might want to consider is having your firewall limit
access to port 6000 to a small range of known ip addresses.  If you normally
come in from work, then you undoubtedly come in from a known ip address.

If you come from another site, you can always ssh into the box and either
drop the protection on the port, or add the new site to your firewall.

2¢ - Jon
----- Original Message -----
From: "Geoff Purdy" <geoff.purdy at verizon.net>
To: <trilug at trilug.org>
Sent: Wednesday, March 13, 2002 10:33 AM
Subject: [TriLUG] preventing X from opening port 6000?


> The discussion of probing ssh ports brought to mind an X11 issue I've been
> trying to sort out recently.  A brief background for my question: I have a
> single RHL7.2 system connected directly to a DSL modem (i.e. no firewall /
> router).  However, I think I've locked down reasonably well.  nmap shows the
> following (when running X):
>
> $ nmap -p 1- localhost
> Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
> Interesting ports on localhost.localdomain (127.0.0.1):
> (The 65527 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 6000/tcp   open        X11
>
> Two questions:
> a)  What is the level of risk of my system being compromised through port
> 6000 while running the X11 service?
>
> b)  I believe that if I boot into runlevel 3, I can run 'startx -nolisten
> tcp' to prevent X from opening port 6000.  How can I configure the system to
> use the '-nolisten tcp' option when booting directly into X (runlevel 5)?
>
> Thanks.
> _______________________________________________
> TriLUG mailing list
>     http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ:
>     http://www.trilug.org/~lovelace/faq/TriLUG-faq.html
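
The firewall allowlist suggested in the reply, as an added example that is not part of the original thread: a shell function that prints iptables rules admitting TCP 6000 only from known sources and dropping everything else. It assumes the host filters with iptables; the chain name `X11-ALLOW` and the source addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables rules that allow
# TCP 6000 (X display :0) only from an allowlist, then drop the rest.
X11_PORT=6000
CHAIN=X11-ALLOW   # hypothetical chain name

# Accept a dotted-quad IPv4 address with an optional /1-/32 prefix.
# /0 is refused because it would reopen the port to every address.
valid_source() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/([1-9]|[12][0-9]|3[0-2]))?$' ||
        return 1
    old_ifs=$IFS; IFS='./'
    set -- $1            # split into octets (and prefix, if present)
    IFS=$old_ifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Validate every source first so a typo never yields a partial rule set.
x11_rules() {
    for src in "$@"; do
        valid_source "$src" || { echo "invalid source: $src" >&2; return 1; }
    done
    echo "iptables -N $CHAIN"
    echo "iptables -A $CHAIN -i lo -j ACCEPT"       # local TCP clients
    for src in "$@"; do
        echo "iptables -A $CHAIN -s $src -j ACCEPT"
    done
    echo "iptables -A $CHAIN -j DROP"               # must come last
    echo "iptables -I INPUT -p tcp --dport $X11_PORT -j $CHAIN"
}

# Constructed sample sources (documentation ranges); review the output,
# then pipe it to sh as root to apply.
x11_rules 203.0.113.0/28 198.51.100.7
```

The script only prints the rules, so they can be reviewed before anything changes on the host. `iptables -N` fails if the chain already exists, so flush and delete an earlier copy before re-applying.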
