From owner-freebsd-security  Thu Sep  6  8: 6:48 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nova.fnal.gov (nova.fnal.gov [131.225.121.207])
	by hub.freebsd.org (Postfix) with ESMTP id D89FF37B401
	for <security@FreeBSD.ORG>; Thu,  6 Sep 2001 08:06:43 -0700 (PDT)
Received: from localhost (tez@localhost)
	by nova.fnal.gov (8.9.3+Sun/8.9.3) with ESMTP id KAA08819;
	Thu, 6 Sep 2001 10:06:37 -0500 (CDT)
X-Authentication-Warning: nova.fnal.gov: tez owned process doing -bs
Date: Thu, 6 Sep 2001 10:06:37 -0500 (CDT)
From: Tim Zingelman <zingelman@fnal.gov>
X-Sender:  <tez@nova.fnal.gov>
To: Fernan Aguero <pichita3@netscape.net>
Cc: <security@FreeBSD.ORG>
Subject: Re: some weird stuff found
In-Reply-To: <08705D38.78FF6AC2.00A48379@netscape.net>
Message-ID: <Pine.GSO.4.30.0109060947270.7654-100000@nova.fnal.gov>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Thu, 6 Sep 2001, Fernan Aguero wrote:

> In the last few days I started noticing strange things. Some of them
> I do not understand and perhaps are normal things (such as being scanned)
> and others may be more critical.
> I appreciate any help and insight you can give me.
>
>     Also: I need to print to a network printer but I'm not a print server.
>     Do I need 515 open?
>     How do I close those ports (25,587,515)?
No and no.  Add:

  sendmail_flags="-q30m"
  ldp_flags="-p"

to your /etc/rc.conf.  This will stop them from listening.

>     And last, I am running xdm but I only allowed connections from
>     localhost. Is this in any way related to X11 being on port 6000?
>     (/etc/services shows xdm on port 177)

xdm is already not listening on 177, likely due to the line:

 DisplayManager.requestPort:     0

in /usr/X11R6/lib/X11/xdm/xdm-config.  The same can be accomplished by
adding -udpPort 0 to the xdm line in /etc/ttys like this:

 ttyv8   "/usr/X11R6/bin/xdm -nodaemon -udpPort 0"       xterm   on  secure

To make the X server stop listening on port 6000, you should edit
/usr/X11R6/lib/X11/xdm/Xsetup_0 amd add -nolisten tcp, like this:

 :0 local /usr/X11R6/bin/X -nolisten tcp

 - Tim


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message