LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-17-2005, 04:36 PM   #1
stony1205
LQ Newbie
 
Registered: Aug 2005
Posts: 3

Rep: Reputation: 0
Port 6000 X11 Security Hole


I'm a new user to Linux, but I"ve been using Windows products for a few years now. I'm running version 3.9 of Knoppix (LiveCD, not HD install). I've read on many places that there is a keylogging security hole in the X Windows session on port 6000. I've tried "xhost -", which is what one of the articles suggested, but I'm not exactly sure if that covered it. Any help would be greatly appreciated.

Note: This is obviously a home box, not a server, and I'm not running any services.

Stony1205
 
Old 08-17-2005, 06:21 PM   #2
imitheos
Member
 
Registered: May 2005
Location: Greece
Posts: 374

Rep: Reputation: 55
Re: Port 6000 X11 Security Hole

Quote:
Originally posted by stony1205
I'm a new user to Linux, but I"ve been using Windows products for a few years now. I'm running version 3.9 of Knoppix (LiveCD, not HD install). I've read on many places that there is a keylogging security hole in the X Windows session on port 6000. I've tried "xhost -", which is what one of the articles suggested, but I'm not exactly sure if that covered it. Any help would be greatly appreciated.

Note: This is obviously a home box, not a server, and I'm not running any services.

Stony1205
Yes. In general, someone can grab your mouse/keyboard and control your session or log your keys as you say.
For example see progie "xremote".

If you run the "xhost -" then access control is enabled and limited to only the hosts you say.
Nowadays, most distributions run the X server with "-auth" option so even with xhost someone cannot connect to the display.
He needs to have the right key. If you want to read more about it try "man xauth"

So, i guess you are ok, but if you want to close the 6000 port after all, you need to run the X server with "-nolisten tcp" option.
Since you run LiveCD version of Knoppix i don't know to tell you how you do it. (perhaps boot in console mode and run the X
from there ??)

I hope i helped.
 
Old 08-17-2005, 07:29 PM   #3
stony1205
LQ Newbie
 
Registered: Aug 2005
Posts: 3

Original Poster
Rep: Reputation: 0
Yeah, I just wanted to know if my box was compromisable or not. Thanks.

Stony
 
Old 01-08-2008, 01:30 AM   #4
addux
Member
 
Registered: Dec 2006
Location: In the middle of the ocean.
Distribution: Ubuntu 12.04, Debian Squeeze, Windows 7
Posts: 67

Rep: Reputation: 16
port 6000 help

I recently noticed that port 6000 was open according to firestarter and my logs. After reading about this port I find this a bit disturbing, I'm not sure what happened or how. Is it possible azureus opened this port? lsof -i seemed to suggest the process using it was java. Since then I used firestarter to block outbound connections via 6000 and 7000, (7000 was also in use according to firestarter). Any help? Should I bee concerned? How would this

Thanks
 
Old 01-08-2008, 01:31 AM   #5
addux
Member
 
Registered: Dec 2006
Location: In the middle of the ocean.
Distribution: Ubuntu 12.04, Debian Squeeze, Windows 7
Posts: 67

Rep: Reputation: 16
sorry

**happen?....
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
X11 Using TCP port 6000 AMMullan Linux - Security 4 04-12-2010 06:03 PM
open x11 and port 6000 for listening ccin1492 Suse/Novell 0 10-12-2005 06:31 PM
X security and blocking port 6000 Ben2210 Linux - Security 5 04-07-2005 04:26 AM
X11 port 6000 - not closed? b0uncer Linux - Security 6 02-23-2004 05:00 PM
X11 - Port 6000 - Red Hat 8 bostonsurf Linux - Security 1 01-31-2003 07:43 AM


All times are GMT -5. The time now is 07:07 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration