Re: How to disable XFree86 and wdm listening ports

From: Jason Stone (freebsd-security_at_dfmm.org)
Date: 10/28/03

  • Next message: Brett Glass: "Re: Best way to filter "Nachi pings"?" 
    Date: Mon, 27 Oct 2003 18:00:42 -0800 (PST)
To: Wolfgang Kess <bsdlist@kess.ch>

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    > For gdm, the process is similar the line to start the X server is in
    > gdm.conf and would look like command=/usr/X11R6/bin/X -nolisten tcp.

    If you think that you might someday invoke X with a different display
    manager, you might consider replacing /usr/X11R6/bin/X with a shell script
    that calls "X.real -nolisten tcp" - this would make all methods of
    starting X not use the tcp port. On the other hand, you'll have to
    remember to maintain it when you upgrade.

    Also, it's probably a good idea to firewall of that port as well - defense
    in depth and all that.

     -Jason

     --------------------------------------------------------------------------
     Freud himself was a bit of a cold fish, and one cannot avoid the suspicion
     that he was insufficiently fondled when he was an infant.
            -- Ashley Montagu
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.3 (FreeBSD)
    Comment: See https://private.idealab.com/public/jason/jason.gpg

    iD8DBQE/nc3KswXMWWtptckRAmsQAKDxtRh8bGXweESE9NdUnEjdZ2DyQgCguft3
    fN08dEO9gEEudzWWuQJYSkY=
    =a1Up
    -----END PGP SIGNATURE-----
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Brett Glass: "Re: Best way to filter "Nachi pings"?"