Debian-Image: by default port 6000 open

Rorschach r0rschach at lavabit.com
Mon Aug 18 13:39:23 CEST 2008 

Hi,
I checked my debian-installation today:

$ sudo nmap -sS -A 192.168.0.202
Starting Nmap 4.53 ( http://insecure.org ) at 2008-08-18 13:26 CEST
SCRIPT ENGINE: rpcinfo.nse is not a file.
SCRIPT ENGINE: Aborting script scan.
Interesting ports on 192.168.0.202:
Not shown: 1712 closed ports
PORT     STATE SERVICE VERSION
22/tcp   open  ssh     Dropbear sshd 0.51 (protocol 2.0)
6000/tcp open  X11      (access denied)
MAC Address: B6:EA:FE:36:73:B3 (Unknown)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.13 - 2.6.20
Uptime: 248.551 days (since Thu Dec 13 23:13:47 2007)
Network Distance: 1 hop
Service Info: OS: Unix

OS and Service detection performed. Please report any incorrect results at http://insecure.org/nmap/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 23.939 seconds

Alsa a netstat -tulpen done on the device direclty:

# netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN      0          1822        1127/X          
tcp6       0      0 :::6000                 :::*                    LISTEN      0          1821        1127/X          
tcp6       0      0 :::22                   :::*
LISTEN      0          1771        1102/dropbear


So the Xserver is listening to tcp-connections by default. Is this necessary? I tried to deactivated but found:

debian-gta02:/etc/X11# cat xinit/xserverrc 
#!/bin/sh

# $Id: xserverrc 189 2005-06-11 00:04:27Z branden $

exec /usr/bin/X11/X -nolisten tcp

#!/bin/sh

# $Id: xserverrc 189 2005-06-11 00:04:27Z branden $

exec /usr/bin/X11/X -nolisten tcp


So it seems to be already deactivated and should run __without__ an open port because of -nolisten tcp. But why is the port open nevertheless? Any idea how to deactivate it?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.openmoko.org/pipermail/support/attachments/20080818/0d9059a0/attachment.pgp

More information about the support mailing list