thanks for the helpful posts Capt_Caveman!
In /etc/opt/kde3/share/config/kdm/Xservers add the -nolisten tcp to the end of the following line:
Okay, the path looks very *non-standard*, but I'll find it this time.
I've keeping eye on the reports of my Samhain guard so I now know it was a false alarm. Nothing goes sent out without an explicit order (either by start of an application by myself, or by request from some already running application). For about 4 days I won knowledge of what folders and files my SuSE box uses, in which way and in which issue it does so.
I'd say this Samhain system is very, very reliable, very stable and provides great way of knowledge of what goes on in underneath your Linux box.
I run chkrootkit at least once per day, but I trust now my Samhain guard to tell me immediately if something on the system goes off the security rules. I know there's no 100% security, but at least I feel my box safe now...
Further I discovered, that my ADSL provider "provides virtually" the LDAP and the NetMeeting ports (389, 1002 and 1720) to each connection I make through the line, although my iptables settings show that these ports are blocked.
Furthermore I've done little bit *creative* research and have programed a small application that listens on these ports (the app runs on my Linux machine), another small application runs on my work machine and tests these opened ports by sending random packets much more like a hacker would test for exploits. The result was, that no packet has ever reached my listening applications, but all packets sent, were dropped according the iptables security rules (I found the dropped packets in the iptables log files). The conclusion: the ports are really closed
, and the reason that I see opened ports is the fact that the ADSL line *fakes* the port scanner (at least these I've tested with - IP Tools, nmap for M$ and nmap for Linux).
Many thanks Capt_Caveman
for your help and for your information - the investigation in this issue helped me to learn so many things about the security the Linux box has/should have and some ways to provide it. I also have learned how to avoid security compromises and how to reduce the risk of getting hacked. There's never 100% security of that, but avoiding security compromises help to keep the box healthy over long, long period.