I am piloting an LTSP-based solution. Due to our security
requirements I have had to tweak the configuration quite a bit to
harden the system. I have moved the clients to encrypted connections
based on FreeNX but the clients are still opening their X11 servers
to dog + world. Does anyone know of a good way to shut this down or
at least verifiably limit the traffic to the server?

I have considered moving all the traffic to an encrypted VPN but
cannot find good documentation on this process.

Example of issue:

# nmap -sT -sV -sR -O -v -p 1- -r 128.165.130.33
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2006-12-18 10:20 MST
Initiating Connect() Scan against thinclient (xxx.xxx.xxx.xxx) [65535 ports] at 10:20
Discovered open port 6001/tcp on 128.165.130.33
Discovered open port 6000/tcp on 128.165.130.33
Discovered open port 9200/tcp on 128.165.130.33
The Connect() Scan took 1.58s to scan 65535 total ports.
# xdpyinfo -display xxx.xxx.xxx.xxx:0
name of display: 128.165.130.33:0.0
version number: 11.0
vendor string: The X.Org Foundation
vendor release number: 60900000
X.Org version: 6.9.0
maximum request size: 16777212 bytes
motion buffer size: 256
. . .
However, display 1 appears to be OK.
# xdpyinfo -display xxx.xxx.xxx.xxx:1
Xlib: connection to "xxx.xxx.xxx.xxx:1.0" refused by server
Xlib: No protocol specified
xdpyinfo: unable to open display "xxx.xxx.xxx.xxx:1".
Thanks
D.Kennel
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
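
Added example, not part of the original post: a small Python check that repeats the xdpyinfo test above for an audit script, by sending one X11 connection setup request with no authorization data and reporting whether the display accepts it (as display 0 did) or refuses it (as display 1 did). The function names are hypothetical; the host is whatever thin client you are responsible for.

```python
import socket
import struct

X11_BASE_PORT = 6000  # display :N listens on TCP port 6000+N

def setup_request() -> bytes:
    """X11 connection setup (little-endian, protocol 11.0) carrying no auth data."""
    return struct.pack("<BxHHHHxx", 0x6C, 11, 0, 0, 0)

def classify_reply(reply: bytes) -> dict:
    """Interpret the server's answer to an unauthenticated setup request."""
    if len(reply) < 8:
        return {"status": "no-reply", "exposed": False}
    status, reason_len = struct.unpack_from("<BB", reply)
    if status == 0:  # Failed: reason string follows the 8-byte header
        reason = reply[8:8 + reason_len].decode("latin-1").strip()
        return {"status": "refused", "exposed": False, "reason": reason}
    if status == 2:  # Authenticate: server wants further authentication
        return {"status": "authenticate", "exposed": False}
    if status == 1 and len(reply) >= 40:  # Success: opened without credentials
        release, = struct.unpack_from("<I", reply, 8)
        vendor_len, = struct.unpack_from("<H", reply, 24)
        vendor = reply[40:40 + vendor_len].decode("latin-1")
        return {"status": "accepted", "exposed": True,
                "vendor": vendor, "release": release}
    return {"status": "unknown", "exposed": False}

def read_exact(sock, count):
    """Read up to `count` bytes, stopping early if the peer closes."""
    data = b""
    while len(data) < count:
        chunk = sock.recv(count - len(data))
        if not chunk:
            break
        data += chunk
    return data

def probe(host: str, display: int, timeout: float = 3.0) -> dict:
    """Send one unauthenticated setup request to host:display and classify it."""
    try:
        with socket.create_connection((host, X11_BASE_PORT + display), timeout) as s:
            s.sendall(setup_request())
            header = read_exact(s, 8)
            extra = struct.unpack_from("<H", header, 6)[0] * 4 if len(header) == 8 else 0
            return classify_reply(header + read_exact(s, extra))
    except OSError:  # refused, filtered or timed out: port not reachable
        return {"status": "closed", "exposed": False}
```

Calling probe(host, 0) and probe(host, 1) from a machine other than the LTSP server, before and after a configuration change, shows whether the change took effect: any result with "exposed": True means that display still accepts connections without credentials.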