From owner-freebsd-security Sat Sep 4 4:43:46 1999 Delivered-To: freebsd-security@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id F266D1508E for ; Sat, 4 Sep 1999 04:43:33 -0700 (PDT) (envelope-from sthaug@nethelp.no) Received: (qmail 36624 invoked by uid 1001); 4 Sep 1999 11:41:45 +0000 (GMT) To: madrapour@hotmail.com Cc: freebsd-security@freebsd.org Subject: Re: Tracing open ports on FreeBSD From: sthaug@nethelp.no In-Reply-To: Your message of "Sat, 04 Sep 1999 04:28:53 PDT" References: <19990904112855.43007.qmail@hotmail.com> X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Sat, 04 Sep 1999 13:41:45 +0200 Message-ID: <36622.936445305@verdi.nethelp.no> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly > listening on my FreeBSD box. I don't know how this has happened, as they > were not open before. They are related to X11 as far as I know. But I had > already disabled XDM in /etc/ttys file. Could anybody tell me how I can > disable this stuff? Or how they could get opened and listening? You're probably using ssh with X11 forwarding. If you use the 'sockstat' program you'll find that sshd is listening to those ports. Disable it by running ssh without X11 forwarding (e.g. 'X11Forwarding no' in the sshd config file). Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message