Mailing List Archive



Re: [tlug] blocking port 6000



On Tue, Sep 03, 2002 at 11:36:45PM +0900, Operator wrote:
> TLUG'ers,
> I just ran nessus and it told me that the X-server is accepting responses
> from anyone!! This is bad... how do I stop this? I'm using Mandrake 8.2 @ msec
> 3.


Just went to MD's site to look for an answer--WOW, what a SLOW site.  As
near as I can see, they have a Bastille firewall thingie--does it give
you the option of which ports to configure?  (I gave up looking after
awhile, the site was too slow).

Anyway, if you type the command InteractiveBastille from a
terminal--they mention that you have to be root, and I'm guessing that
this is a case where you might have to either do an su - or log in as
root.  (Doing a simple su will probably get you a bunch of command not
found things.)

If that doesn't give you the option of ports, then you might have to
manually try to add a rule--I remember someone telling me their firewall
scripts were a bit confusing, but...

You'll have to figure out if it's running ipchains or iptables
(hopefully, that Bastille uses one or the other). To do this, again as
root do 
iptables -L -n --line-numbers

and if you get an error message then try ipchains -L -n  --line-numbers

(it might be --line-number rather than numbers, but IIRC both work)

If one of these gives you a result, 
then, you can see where you want to insert it, for example, after a rule
denying most well-known ports (0-1023).  

Say you wanted to insert it on line 7 then it would be
iptables -I INPUT 7 -s 0/0 -d 0/0 -p tcp --syn --dport 6000:6009 -j DROP

The syntax is slightly different for ipchains, I ~think~ (but if you
have ipchains and do

ipchains --help | less

it should give it to you)

ipchains -I input 7 -p tcp -s 0/0 -d 0/0 6000:6009 -y -j DENY

Again, take a look at the help page (as opposed to
the man page--the help page is fairly straightforward).  Again, that's
assuming Bastille uses one or the other.  

-- 
Scott

PGP keyID EB3467D6 (1B48 077d 66F6 9DB0 FDC2  A409 FA54 D575 EB34 67D6 )
gpg --keyserver pgp.mit.edu --recv-keys EB3467D6


 Colonel: Every inch of this installation is under constant, 24-hour
surveillance.
 Willow: Including the secret lab?
 Colonel: Everything! (pause) What secret lab?
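
Where the rule is inserted matters because a chain is evaluated top-down and the first matching rule wins. As an added example (not part of the original post), this shell function reads a listing like the one from iptables -L INPUT -n --line-numbers and reports which rule first decides a new connection from any host to ports 6000-6009; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads the output of
#   iptables -L INPUT -n --line-numbers
# on stdin and prints which rule first decides a new TCP connection from any
# host to ports 6000-6009 (rules are evaluated top-down, first match wins).
# Limits: interface matches are hidden without -v, and jumps to user-defined
# chains or LOG targets are skipped rather than followed.
x11_verdict() {
    awk '
    # Returns 1 if the current rule could match a new connection to 6000-6009.
    function hits_x11(rule,   p, r, n) {
        if ($3 != "tcp" && $3 != "all") return 0
        if ($5 != "0.0.0.0/0") return 0            # not a rule for "anyone"
        # A state match without NEW only covers already-open connections.
        if (rule ~ /state / && rule !~ /NEW/) return 0
        if (match(rule, /dpts?:[0-9:]+/) == 0) return 1   # no port match
        p = substr(rule, RSTART, RLENGTH)
        sub(/^dpts?:/, "", p)
        n = split(p, r, ":")
        if (n == 1) r[2] = r[1]
        return (r[1] + 0 <= 6009 && r[2] + 0 >= 6000)
    }
    /^Chain INPUT/ { policy = $4; sub(/\)$/, "", policy); next }
    $1 ~ /^[0-9]+$/ && !done && hits_x11($0) {
        if ($2 == "DROP" || $2 == "REJECT") { print "blocked " $1; done = 1 }
        else if ($2 == "ACCEPT") { print "exposed " $1; done = 1 }
    }
    END { if (!done) print "policy " policy }
    '
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
cat <<'EOF'
Chain INPUT (policy DROP)
num  target     prot opt source               destination
1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
2    DROP       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:0:1023
3    ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpts:1024:65535
EOF
}

# "exposed 3": rule 3 accepts first, so the DROP has to go in at line 3 or above.
sample_listing | x11_verdict
```

On a live system the listing would be piped in as root, and an "exposed N" result gives the line number to use with iptables -I INPUT N.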
