Edward Guldemond <[EMAIL PROTECTED]> writes: > Starting nmap V. 2.54BETA31 ( www.insecure.org/nmap/ ) > Interesting ports on (removed) (XX.XX.XXX.XX): > (The 1552 ports scanned but not shown below are in state: closed) > Port State Service > 22/tcp open ssh > 1024/tcp open kdm [...] > Port State Service > 22/tcp open ssh [...] > Port State Service > 22/tcp open ssh > 6000/tcp open X11
You can see open ports with "netstat -atuw", too. > Now, is there any security implications of having this port open? (I > am nmap'ing this box's external Internet interface as it is my ipmasq > box.) If so, what files do I have to edit to get rid of it? I don't > need X listening on this interface. This depends on the startup method (and maybe distribution), as you already noticed. With xdm (and debian) it is /etc/X11/xdm/Xservers. With xinit it is /etc/X11/xinit/xserverrc. Look at "man xinit" and "man Xserver". There you will find an option "-nolisten". When this is your firewall, you might consider stopping X11 and not using this as a desktop machine at all. Every program running and every tool installed, might be used by an attacker against you. Regards, Olaf.