On Tue, Nov 19, 2002 at 04:51:03PM -0800, Rick Moen wrote:
> Quoting Edward Guldemond (thedebategod@yifan.net):
>
> > In /etc/X11/xinit/xserverrc, I have the following line:
> > exec /usr/bin/X11/X -dpi 100 -nolisten tcp
> >
> > So why is X still listening on TCP?
>
> Because xdm/kdm/gdm don't heed /etc/X11/xinit/xserverrc, but rather
> /etc/X11/xdm/Xservers ?
I am not running xdm/kdm/gdm though. I am using startx from the
console. At any rate, I blocked these at the firewall level because,
although I didn't notice any obvious attack that could cause a major
problem, I was wary about leaving them open.
> It's not obvious why this necessitates an X11 server on the firewall.
> In the unlikely event that you need to run an X11 application from
> it, do "ssh -X firewallhost" and image the X11 app onto your
> non-firewall workstation.
I have two people working in this office. This is just a network that
I maintain. Currently, the company this is for (a small office),
cannot afford a firewall machine, and isn't really keen on spending
more on their network than is absolutely necessary. Trust me, I've
tried to get them to stop, but, hey, it's there network that I just
happen to maintain.
--
------------------------------------------
Edward Guldemond
GPG Key: 0x4E505B0F
Key fingerprint: 4CAC 6740 C1CD 3CE4 6CA0
34E9 B3B7 18EC 4E50 5B0FAttachment:
pgpGXTnXO2Nvi.pgp
Description: PGP signature