On Mon, 29 Jan 2001 12:16:37 -0800, Harry Putnam <[EMAIL PROTECTED]> wrote:
>
> Frank Carreiro <[EMAIL PROTECTED]> writes:
>
>> I just noticed after port scanning my system there is a service running on
>> port 6000 (X11). I'm concerned about security being an issue with this port
>> open / available. Is there anyone with any comments/thoughts about securing
>> this port?
>>
>> Basically we have a system we're about to deploy on the internet and I've
>> got just about everything else locked down. I've heard it's possible to
>> comprimise a system through port 6000 and wanted to minimize my exposure.
>
> Startx with the -nolisten flag
>
> Or put it in the init files for X somewhere.
Or you could use ipchains to block access to port 6000 from the internet:
/sbin/ipchains -A input -p tcp -s $REMOTENET -d $LOCALNET 6000 -j DENY
/sbin/ipchains -A input -p udp -s $REMOTENET -d $LOCALNET 6000 -j DENY
__
Larry Grover, PhD
Assoc Prof of Physiology
Marshall Univ Sch of Med
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
