LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 02-21-2004, 11:57 AM   #1
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
X11 port 6000 - not closed?


I'm quite a newbie with security-related things on linux, and just learning these... so I guess somebody has a simple answer to this question (hopefully ) which is related to a firewall based on iptables...

First of all, net-based tests (like the one at grc.com) show my ports as "stealth", but of course when I did a quick scan with nmap, it revealed my ports were all closed - except for one: port number 6000 (tcp), used by X11, was open. How's this possible? I've tried few times to get all the ports closed, but no - number 6000 isn't that easy, it just stays open no matter what I do.

So is there a way to get this damn port closed, or at least look like it? And why the heck is it open? Does X11 truly need an open port to work? Can't be...because if it is, then my X is going for a long walk with no return.

I also found that (at least in my opinion) grc-type test are quite easy to pass, but is there a way to get protected from scans like nmap? Was there or not, please tell me how I'll get my X11's open port closed.....

(please keep in mind I haven't played long with all these fwall, iptables, netfilters nor other related stuff...basically just read something about them and tried out for a small amount of time)

thanks for any help in advance
 
Old 02-21-2004, 12:13 PM   #2
cjcuk
Member
 
Registered: Dec 2003
Distribution: Openwall, ~LFS
Posts: 128

Rep: Reputation: 15
No, X does not need the port to work. Read the manual page for how to disable listening on TCP. Second thing, are you using nmap from your system? If so, you will see ports that are open _locally_ -- they may not be accessible from the Internet (I once made this mistake when I first dealt with firewalling, I thought all my rules were failing).
 
Old 02-21-2004, 12:29 PM   #3
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Original Poster
Rep: Reputation: Disabled
ok thanks.. and yes, I did run nmap from my own machine. I guess I'll have to ask a friend to run it

btw. I read an article (somewhere on the web...couldn't find it today anymore when I remembered it.. :/ ) about how to "cheat" the nmap's OS guessing. I can't remember how it exactly went, but it had something to do with netfilter...any clues on how it might go? the basic idea was (I think) to get, with the aid of netfilter-kernel module, the system look to a scanner like some another system than it really is....?
 
Old 02-21-2004, 12:33 PM   #4
cjcuk
Member
 
Registered: Dec 2003
Distribution: Openwall, ~LFS
Posts: 128

Rep: Reputation: 15
Quote:
Originally posted by b0uncer
the basic idea was (I think) to get, with the aid of netfilter-kernel module, the system look to a scanner like some another system than it really is....?
This is not really worth it. If you have external services running it is usually trivial to make one of them expose data about the system. If you do not have external services running, then your dropping everything from nmap does not give it too many clues =). In general, you would be better spending your time reading about how to lock down the firewall rules and looking into general system security.
 
Old 02-21-2004, 12:56 PM   #5
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Original Poster
Rep: Reputation: Disabled
alright thanks for answering...next job indeed is to get a bit deeper into these firewall-policies and other stuff..
 
Old 02-21-2004, 01:59 PM   #6
nakkaya
Guru
 
Registered: Jan 2003
Location: Turkey&USA
Distribution: Emacs and linux is its device driver(Slackware,redhat)
Posts: 1,398

Rep: Reputation: 45
to stop x11 from listening port 6000 run start x like that
startx -- -nolisten tcp

to avoid typing this everytime you reboot add this to your .bashrc file
alias startx='startx -- -nolisten tcp'
 
Old 02-23-2004, 04:00 PM   #7
tobyl
Member
 
Registered: Apr 2003
Location: uk
Distribution: slackware current
Posts: 743

Rep: Reputation: 50
if you launch kde automatically with kde login screen, find the xservers file,

(in /opt for slackware, but i am sure you know where kde is installed on your distro)

/opt/kde/share/config/kdm/xservers

change the line

:0 local@tty1 /usr/X11R6/bin/X vt7

to

:0 local@tty1 /usr/X11R6/bin/X vt7 -nolisten tcp

tobyl
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
X11 Using TCP port 6000 AMMullan Linux - Security 4 04-12-2010 05:03 PM
Port 6000 X11 Security Hole stony1205 Linux - Security 4 01-08-2008 12:31 AM
open x11 and port 6000 for listening ccin1492 Suse/Novell 0 10-12-2005 05:31 PM
how closed 6000/tcp - X in MDK 9.1 WannaLearnLinux Linux - Networking 5 02-03-2004 11:14 PM
X11 - Port 6000 - Red Hat 8 bostonsurf Linux - Security 1 01-31-2003 06:43 AM


All times are GMT -5. The time now is 04:18 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration