Archive for the tag 'Listening'

How to disable X Window System Listening

To prevent X.org from listening for remote connections, create the file /etc/X11/xinit/xserverrc and fill it with the following line:

exec X :0 -nolisten tcp $@

One of X.org’s features is the ability to provide remote graphical display. This feature should be disabled unless it is required. If the system uses runlevel 5, which is the default, the GDM display manager starts X safely, with remote listening disabled. However, if X is started from the command line with the startx command, then the server will listen for new connections on X’s default port, 6000.

SBDavid

Verifying Which Ports Are Listening

Verifying Which Ports Are Listening

After configuring network services, it is important to pay attention to which ports are actuallylistening on the system’s network interfaces. Any open ports can be evidence of an intrusion.

There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack by typing commands such as netstat -an or lsof -i.

# netstat -an

Or

#lsof -i

This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system.
For this reason, these applications are frequent targets for replacement by attackers. In this way, crackers attempt to cover their tracks if they open unauthorized network ports.

A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.

root@:~# nmap -sT -O localhost

Starting Nmap 4.76 ( http://nmap.org ) at 2009-10-08 11:31 EDT
Interesting ports on localhost.localdomain (127.0.0.1):
Not shown: 997 closed ports

PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
3128/tcp open squid-http
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.17 - 2.6.22
Network Distance: 0 hops
OS detection performed.
Please report any incorrect results at http://nmap.org/submit/.
Nmap done: 1 IP address (1 host up) scanned in 3.15 seconds