[svlug] startx | no tcp port ?

Tin Le tin at le.org
Fri May 26 12:15:34 PDT 2000


-----BEGIN PGP SIGNED MESSAGE-----

Umm, you _are_ running filter on your machine, no?  Security starts at each
host.  By habit, machines I set up have something like this in the bootup
script:

# flush all commands/rules
ipchains -F

# Now, default policy on the input chain is DENY, so everything else
# gets dropped:
ipchains -P input DENY

..setup filters..etc...

Then you do not have to worry about anyone sniffing you, unless of
course you are running on a multiusers system.  But then I do not run
X on multiuser systems.... for many obvious reasons.

Tin Le
- ----
http://tin.le.org
Internet Security and Firewall Consulting
Tin Le - tin at le.org

On Fri, 26 May 2000, Bill Schoolcraft wrote:

> Date: Fri, 26 May 2000 10:47:30 -0700 (PDT)
> From: Bill Schoolcraft <bill at wiliweld.com>
> To: Karen Shaeffer <shaeffer at best.com>
> Cc: svlug at svlug.org
> Subject: Re: [svlug] startx | no tcp port ?

> I had to wait to get to work for I had another underlying motive to
> shut down port 6000 and it was the security warning that I read at:

> http://linuxtoday.com/news_story.php3?ltsn=2000-05-25-018-04-SC-CD

> Which shed some new light on the "DoS attack against X"

>         Bill Schoolcraft  http://www.billschoolcraft.com
>         PO Box 210076	         San Francisco, CA 94121

>                 " saevis tranquillus in undis "

> _______________________________________________
> svlug mailing list
> svlug at lists.svlug.org
> http://lists.svlug.org/mailman/listinfo/svlug


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAgUBOS7NVBiIIbPkDHhBAQG9wgQAp9HUZHYDPhWeoapT+94A9bpYUSkQflUo
aoTAWVfLQjIrvau07C1fRR/QpwlwxL8cH1xqDJtbCyB9xsWeLEIo3+vzsl/ZlxVu
tbaRzuRxR6N5qTY/b2G3XcRujUlkHyeAWI2OfxD/MkTJsmXcEi4vviQGL8bQe9Lq
a3ewpTJRFtU=
=hCye
-----END PGP SIGNATURE-----






More information about the svlug mailing list