[svlug] startx | no tcp port ?

Tin Le tin at le.org
Fri May 26 15:11:44 PDT 2000



> When my Xserver is not loaded, ports 22,80,53 are open and the machine
> still Masquerades my whole internal network fine.

Yes, I think you may be a little bit confused about how packet filtering
works.

> More than likely I'm missing something in reading the following
> security warning but if you "portscanned" my box I didn't want 6000 to
> be open and listening, that is before we even get to the layer of IP
> Chains rulesets. 

Ipchains and all port filters would be useless then if they don't come
into use until after the port has been accessed.

Just because there is something running and listening on ports on your
machine does not necessarily mean they are open to the rest of the
'outside' world.  Especially if you have a port filter in place.

I have many network services running on my server, but you only get to
see what I allowed you to see.

> When I'm personally using the Xserver on the Masq (IP_Chains) box,
> ports 22,80,53, and 6000 open. It's 6000 that I'm trying to close.
> There is nothing open in /etc/inetd.conf and there is no mention at
> all of 6000 in /etc/services etc.

Mention of a port/service in /etc/services does not mean it is running
or available.  It's completely separate and independent.  Not all services
are listed in /etc/inetd.conf nor should they be in that file.  For
example, you don't really want smtp to be in there.

> Please advise me if I'm reading the below message wrong, but isn't the
> below attack using port 6000 ?
>
> TL-> > http://linuxtoday.com/news_story.php3?ltsn=2000-05-25-018-04-SC-CD

Yes.  So?  If the port is filtered (blocked) then it does not matter.
Unless your machine is a multiuser server, where you are sharing it
with other (possibly) untrusted users.  I do not allow my users to run
X on my servers, it's a resource hog, plus the various security problems.

Tin Le
- ----
http://tin.le.org
Internet Security and Firewall Consulting
Tin Le - tin at le.org

On Fri, 26 May 2000, Bill Schoolcraft wrote:
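
The distinction drawn in the reply above, between a port that is listening and a port that is reachable from outside, as an added example that is not part of the original post. The netstat sample, the `eth0` interface name and the rule table are constructed assumptions; the table models first-match filtering with a default policy and is not ipchains syntax.

```python
# Constructed sample: `netstat -ltn` style output for the masquerading box
# described in the thread, with X running (ports 22, 53, 80 and 6000).
NETSTAT = """\
Proto Recv-Q Send-Q Local Address   Foreign Address State
tcp        0      0 0.0.0.0:22      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:53      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:80      0.0.0.0:*       LISTEN
tcp        0      0 0.0.0.0:6000    0.0.0.0:*       LISTEN
"""

# Hypothetical input-chain policy: (interface, low port, high port, verdict).
# eth0 is assumed to be the outside interface.
RULES = [
    ("eth0", 6000, 6063, "DENY"),   # X11 listens on 6000 + display number
    ("eth0", 22, 22, "ACCEPT"),
    ("eth0", 53, 53, "ACCEPT"),
    ("eth0", 80, 80, "ACCEPT"),
]
DEFAULT_POLICY = "DENY"

def listeners(netstat_text):
    """Return sorted TCP ports in LISTEN state on a non-loopback address."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("tcp") and f[5] == "LISTEN":
            addr, _, port = f[3].rpartition(":")
            if not addr.startswith("127."):
                ports.add(int(port))
    return sorted(ports)

def verdict(iface, port, rules=RULES, default=DEFAULT_POLICY):
    """First matching rule wins; otherwise the chain's default policy applies."""
    for r_iface, lo, hi, action in rules:
        if r_iface == iface and lo <= port <= hi:
            return action
    return default

def exposure(netstat_text, iface):
    """Map each listening port to what a scan arriving on iface would see."""
    return {p: ("open" if verdict(iface, p) == "ACCEPT" else "filtered")
            for p in listeners(netstat_text)}

if __name__ == "__main__":
    for port, state in exposure(NETSTAT, "eth0").items():
        print(f"{port}/tcp listening locally, {state} from eth0")
```

Port 6000 appears in the listener list yet is reported as filtered on the outside interface, which is the case the reply describes.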


