Debian-Image: by default port 6000 open

Joachim Breitner nomeata at debian.org
Mon Aug 18 15:45:03 CEST 2008 

Hi,

Am Montag, den 18.08.2008, 13:39 +0200 schrieb Rorschach:
> $ sudo nmap -sS -A 192.168.0.202
> Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-18 13:26 CEST
> SCRIPT ENGINE: rpcinfo.nse is not a file.
> SCRIPT ENGINE: Aborting script scan.
> Interesting ports on 192.168.0.202:
> Not shown: 1712 closed ports
> PORT     STATE SERVICE VERSION
> 22/tcp   open  ssh     Dropbear sshd 0.51 (protocol 2.0)
> 6000/tcp open  X11      (access denied)
> MAC Address: B6:EA:FE:36:73:B3 (Unknown)
> Device type: general purpose
> Running: Linux 2.6.X
> OS details: Linux 2.6.13 - 2.6.20
> Uptime: 248.551 days (since Thu Dec 13 23:13:47 2007)
> Network Distance: 1 hop
> Service Info: OS: Unix
> 
> OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
> Nmap done: 1 IP address (1 host up) scanned in 23.939 seconds
> 
> Alsa a netstat -tulpen done on the device direclty:
> 
> # netstat -tulpen
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
> tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      0          1822        1127/X          
> tcp6       0      0 :::6000                 :::*                    LISTEN      0          1821        1127/X          
> tcp6       0      0 :::22                   :::*
> LISTEN      0          1771        1102/dropbear
> 
> 
> So the Xserver is listening to tcp-connections by default. Is this necessary? I tried to deactivated but found:
> 
> debian-gta02:/etc/X11# cat xinit/xserverrc 
> #!/bin/sh
> 
> # $Id: xserverrc 189 2005-06-11 00:04:27Z branden $
> 
> exec /usr/bin/X11/X -nolisten tcp
> 
> #!/bin/sh
> 
> # $Id: xserverrc 189 2005-06-11 00:04:27Z branden $
> 
> exec /usr/bin/X11/X -nolisten tcp
> 
> 
> So it seems to be already deactivated and should run __without__ an open port because of -nolisten tcp. But why is the port open nevertheless? Any idea how to deactivate it?

A good point that you have discovered there. Maybe we override the X
options in /etc/init.d/zhone-session? If you find out how to properly
disable this, please let me know, so I can adjust the init.d file.

Greetings,
Joachim

-- 
Joachim "nomeata" Breitner
Debian Developer
  nomeata at debian.org | ICQ# 74513189 | GPG-Keyid: 4743206C
  JID: nomeata at joachim-breitner.de | http://people.debian.org/~nomeata
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.openmoko.org/pipermail/support/attachments/20080818/8e645f24/attachment.pgp

More information about the support mailing list