«

Hi all,

(I trust this is ok in this group - If not pls could anyone point to a
more appropriate one, pls).

Does anyone know where to find more information about security risks /
issues having X-Windows libs + apps installed (but not running) on a DMZ
box?

Thanks in advance,

Robin

On Fri, 08 Oct 2004 12:21:13 +0200, Robin Huiser <>
wrote:

>Hi all,
>
>(I trust this is ok in this group - If not pls could anyone point to a
>more appropriate one, pls).
>
>Does anyone know where to find more information about security risks /
>issues having X-Windows libs + apps installed (but not running) on a DMZ
>box?
>
>Thanks in advance,
>
>Robin
#####################
You didn't say what OS it is but as far as FreeBSD goes, remote X
displays are disabled by default. That's the -listen_tcp option of
the startx command. Also, if I remember correctly, X server runs on
port 6000, which can be blocked.
Soemthing comes to mind. Edit the xinitrc file where it says #start
some nice programs. Delete what it says under that.
donnie

donnie wrote:

> On Fri, 08 Oct 2004 12:21:13 +0200, Robin Huiser <>
> wrote:
>
>
>>Hi all,
>>
>>(I trust this is ok in this group - If not pls could anyone point to a
>>more appropriate one, pls).
>>
>>Does anyone know where to find more information about security risks /
>>issues having X-Windows libs + apps installed (but not running) on a DMZ
>>box?
>>
>>Thanks in advance,
>>
>>Robin
>
> #####################
> You didn't say what OS it is but as far as FreeBSD goes, remote X
> displays are disabled by default. That's the -listen_tcp option of
> the startx command. Also, if I remember correctly, X server runs on
> port 6000, which can be blocked.
> Soemthing comes to mind. Edit the xinitrc file where it says #start
> some nice programs. Delete what it says under that.
> donnie
Thanks for the comment!!!

The OS is AIX and my concerns are mainly what a hacker could do with the
extra installed software and libs - there is no X server running during
normal operation.