Re: Why wdm opens a TCP port?
Noah Meyerhans wrote: On Thu, May 16, 2002 at 10:34:32AM +0300, Petteri Heinonen wrote: Does anybody know how to configure wdm so that it doesn't open TCP port 1030 when started? I guess this is not a big security threat, but I've tried to keep open ports in minimum, and I can't see why this one would be necessary either. I have to admit that I don't know the purpose of this open port, but for example gdm, which I've used in some other boxes, doesn't, at least by default, open any ports. Edit /etc/X11/wdm/Xservers and add '-nolisten tcp' to the line that looks like :0 local /usr/bin/X11/X See if that fixes things. If not, then it's a bug and I must fix it since I am the wdm maintainer. noah I had already done that. That supresses the X from opening a port, but still the wdm process (seen with netstat -atp) keeps open the port 1030. -- Petteri Heinonenaddr: Varvikonkatu 1 C 19 phone: +358 50 3363286 33820 Tampere FIN email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why wdm opens a TCP port?
Eric G. Miller wrote: On Thu, May 16, 2002 at 03:01:23PM -0400, Noah Meyerhans wrote: On Thu, May 16, 2002 at 10:34:32AM +0300, Petteri Heinonen wrote: Does anybody know how to configure wdm so that it doesn't open TCP port 1030 when started? I guess this is not a big security threat, but I've tried to keep open ports in minimum, and I can't see why this one would be necessary either. I have to admit that I don't know the purpose of this open port, but for example gdm, which I've used in some other boxes, doesn't, at least by default, open any ports. Edit /etc/X11/wdm/Xservers and add '-nolisten tcp' to the line that looks like :0 local /usr/bin/X11/X See if that fixes things. If not, then it's a bug and I must fix it since I am the wdm maintainer. Only thing is, the X ports are 6000-7, according to /etc/services. Sure the 1030 port is not for some local use only? Is it always the same port? The ports doesn't appear to match any reserved ones in /etc/services... Don't use wdm myself, so... -- Eric G. Miller egm2@jps.net Yes, it's not the _X_ which keeps open the port, but the _wdm_. But the port indeed changed every time I restarted the wdm. I just restarted it couple of times, and the port numbers were 1083, 1084, 1085, etc. Very odd... -- Petteri Heinonenaddr: Varvikonkatu 1 C 19 phone: +358 50 3363286 33820 Tampere FIN email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why wdm opens a TCP port?
On Fri, May 17, 2002 at 08:54:04AM +0300, Petteri Heinonen wrote: Yes, it's not the _X_ which keeps open the port, but the _wdm_. But the port indeed changed every time I restarted the wdm. I just restarted it couple of times, and the port numbers were 1083, 1084, 1085, etc. Very odd... It's not that odd really. What address range is reported? I'm going to guess it's only listening on the local loopback. Also, try telnetting to the address:port. Does it hang and time out? Do you get connection refused? It would seem WDM sets up a TCP port to communicate between a parent and child (more than one WDM process running?) and therefore doesn't really care what port is used (lets the OS decide). -- Eric G. Miller egm2@jps.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why wdm opens a TCP port?
Eric G. Miller wrote: On Fri, May 17, 2002 at 08:54:04AM +0300, Petteri Heinonen wrote: Yes, it's not the _X_ which keeps open the port, but the _wdm_. But the port indeed changed every time I restarted the wdm. I just restarted it couple of times, and the port numbers were 1083, 1084, 1085, etc. Very odd... It's not that odd really. What address range is reported? I'm going to guess it's only listening on the local loopback. Also, try telnetting to the address:port. Does it hang and time out? Do you get connection refused? It would seem WDM sets up a TCP port to communicate between a parent and child (more than one WDM process running?) and therefore doesn't really care what port is used (lets the OS decide). -- Eric G. Miller egm2@jps.net Netstat reports that foreign address is *:*, and I indeed _can_ connect to it with telnet, altough if I send anything to it with the telnet, the connection gets closed. Further, there is only one wdm process running. Maybe I'll just trust my iptables :) But anyway it would be nice to know what is the purpose of this kind of behaviour, and how can it be turned off. -- Petteri Heinonenaddr: Varvikonkatu 1 C 19 phone: +358 50 3363286 33820 Tampere FIN email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why wdm opens a TCP port?
Petteri Heinonen wrote: Eric G. Miller wrote: On Fri, May 17, 2002 at 08:54:04AM +0300, Petteri Heinonen wrote: Yes, it's not the _X_ which keeps open the port, but the _wdm_. But the port indeed changed every time I restarted the wdm. I just restarted it couple of times, and the port numbers were 1083, 1084, 1085, etc. Very odd... It's not that odd really. What address range is reported? I'm going to guess it's only listening on the local loopback. Also, try telnetting to the address:port. Does it hang and time out? Do you get connection refused? It would seem WDM sets up a TCP port to communicate between a parent and child (more than one WDM process running?) and therefore doesn't really care what port is used (lets the OS decide). -- Eric G. Miller egm2@jps.net Netstat reports that foreign address is *:*, and I indeed _can_ connect to it with telnet, altough if I send anything to it with the telnet, the connection gets closed. Further, there is only one wdm process running. Maybe I'll just trust my iptables :) But anyway it would be nice to know what is the purpose of this kind of behaviour, and how can it be turned off. And one more thing which might help, at least the package maintainer who was here some time ago: I'm using unstable packages, and the version of the wdm is 1.20-15. -- Petteri Heinonenaddr: Varvikonkatu 1 C 19 phone: +358 50 3363286 33820 Tampere FIN email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why wdm opens a TCP port?
On Fri, May 17, 2002 at 10:45:36AM +0300, Petteri Heinonen wrote: Netstat reports that foreign address is *:*, and I indeed _can_ connect to it with telnet, altough if I send anything to it with the telnet, the connection gets closed. Further, there is only one wdm process running. Maybe I'll just trust my iptables :) But anyway it would be nice to know what is the purpose of this kind of behaviour, and how can it be turned off. Okay, well that doesn't sound very good. I'm not sure why WDM would want a TCP socket open on a random port, when a UNIX socket or even pipes could probably meet the need for what it's doing without opening a public port. -- Eric G. Miller egm2@jps.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Why wdm opens a TCP port?
Hello all. Does anybody know how to configure wdm so that it doesn't open TCP port 1030 when started? I guess this is not a big security threat, but I've tried to keep open ports in minimum, and I can't see why this one would be necessary either. I have to admit that I don't know the purpose of this open port, but for example gdm, which I've used in some other boxes, doesn't, at least by default, open any ports. -- Petteri Heinonenaddr: Varvikonkatu 1 C 19 phone: +358 50 3363286 33820 Tampere FIN email: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Why wdm opens a TCP port?
On Thu, May 16, 2002 at 10:34:32AM +0300, Petteri Heinonen wrote: Does anybody know how to configure wdm so that it doesn't open TCP port 1030 when started? I guess this is not a big security threat, but I've tried to keep open ports in minimum, and I can't see why this one would be necessary either. I have to admit that I don't know the purpose of this open port, but for example gdm, which I've used in some other boxes, doesn't, at least by default, open any ports. Edit /etc/X11/wdm/Xservers and add '-nolisten tcp' to the line that looks like :0 local /usr/bin/X11/X See if that fixes things. If not, then it's a bug and I must fix it since I am the wdm maintainer. noah -- ___ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html pgp1phgk81IfR.pgp Description: PGP signature
Re: Why wdm opens a TCP port?
On Thu, May 16, 2002 at 03:01:23PM -0400, Noah Meyerhans wrote: On Thu, May 16, 2002 at 10:34:32AM +0300, Petteri Heinonen wrote: Does anybody know how to configure wdm so that it doesn't open TCP port 1030 when started? I guess this is not a big security threat, but I've tried to keep open ports in minimum, and I can't see why this one would be necessary either. I have to admit that I don't know the purpose of this open port, but for example gdm, which I've used in some other boxes, doesn't, at least by default, open any ports. Edit /etc/X11/wdm/Xservers and add '-nolisten tcp' to the line that looks like :0 local /usr/bin/X11/X See if that fixes things. If not, then it's a bug and I must fix it since I am the wdm maintainer. Only thing is, the X ports are 6000-7, according to /etc/services. Sure the 1030 port is not for some local use only? Is it always the same port? The ports doesn't appear to match any reserved ones in /etc/services... Don't use wdm myself, so... -- Eric G. Miller egm2@jps.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
