From: Nigel Houghton
Date: Mon, 27 Oct 2003 20:45:31 -0500 (EST)
To: Wolfgang Kess
Cc: "freebsd-security@freebsd.org"
Subject: Re: How to disable XFree86 and wdm listening ports
In-Reply-To: <20031027211512.GA14467@stinky.trash.net>

wdm is a replacement for xdm and has its own configuration directory, similar in nature to xdm but called wdm. There are different ways to achieve your desired result; you should find an appropriate place in /usr/X11R6/lib/X11/wdm/wdm-config to add the -nolisten tcp option to the server line, similar to the xdm option you tried already.

For gdm, the process is similar: the line to start the X server is in gdm.conf and would look like command=/usr/X11R6/bin/X -nolisten tcp. There are other places this can be done, but these options might be easiest for you.

You might also want to make sure you have XDMCP turned off, otherwise you'll be listening on udp 177 too.

Around 10:15pm Wolfgang Kess said:

WK :Hello,
WK :
WK :what is the right way to disable XFree86 and wdm listening
WK :ports tcp 6000 and tcp 1024.
WK :
WK :I read in man XFree86 about the -nolisten tcp option
WK :and tried to set in /usr/X11R6/lib/X11/xdm
WK :
WK ::0 local /usr/X11R6/bin/X -nolisten tcp
WK :
WK :but it was not successful.
WK :
WK :
WK :What is the right way to close the ports without use of IPFW?
WK :
WK :Your help would be appreciated.
WK :
WK :Thank´s
WK :Wolfgang

-------------------------------------------------------------
Nigel Houghton
Security Research Engineer
Sourcefire Inc. Vulnerability Research Team

"Mankind hasn't even got the technology to create a toupee that doesn't get big laughs." -- Lister
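
One way to check the outcome of the changes discussed in this thread, as an added example that is not part of the original messages: the script flags X server start lines that lack -nolisten tcp and lists anything still listening on the X11 TCP ports or on XDMCP (udp 177). The function names and sample data are constructed, and the listener check assumes the column layout of FreeBSD's sockstat -4l.

```sh
#!/bin/sh
# Added example: audit X server start lines and listening sockets.
# Function names and sample data are constructed for illustration.

# Print each X server start line on stdin that lacks "-nolisten tcp".
# Matches Xservers-style lines (":0 local /path/X ...") and
# gdm.conf-style lines ("command=/path/X ...").
x_lines_missing_nolisten() {
    awk '
        /^[ \t]*#/ { next }    # skip comment lines
        /^[ \t]*:[0-9]+[ \t]/ || /^[ \t]*command=.*\/X([ \t]|$)/ {
            if ($0 !~ /-nolisten[ \t]+tcp/) print
        }'
}

# Read "sockstat -4l" style output on stdin (assumed columns: USER COMMAND
# PID FD PROTO LOCAL FOREIGN) and print "command proto port" for anything
# on the X11 TCP ports (6000 + display number, displays 0-63 checked here)
# or on XDMCP (udp 177).
x_listeners() {
    awk '
        $1 == "USER" { next }    # header row
        {
            n = split($6, a, ":"); port = a[n] + 0
            if (($5 ~ /^tcp/ && port >= 6000 && port <= 6063) ||
                ($5 ~ /^udp/ && port == 177))
                print $2, $5, port
        }'
}

# Constructed sample input, not taken from a real host.
SAMPLE_CONF=':0 local /usr/X11R6/bin/X
command=/usr/X11R6/bin/X -nolisten tcp'
SAMPLE_SOCKSTAT='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root XFree86 512 1 tcp4 *:6000 *:*
root wdm 498 3 udp4 *:177 *:*
root sshd 301 4 tcp4 *:22 *:*'

echo "Start lines missing -nolisten tcp:"
printf '%s\n' "$SAMPLE_CONF" | x_lines_missing_nolisten
echo "X11/XDMCP listeners:"
printf '%s\n' "$SAMPLE_SOCKSTAT" | x_listeners
# On a live FreeBSD host: sockstat -4l | x_listeners
```

An empty result from both functions after restarting the display manager means the X server and XDMCP are no longer reachable over the network.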