From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <cygwin-xfree-return-31575-listarch-cygwin-xfree=sources.redhat.com@cygwin.com>
Received: (qmail 28353 invoked by alias); 9 Dec 2013 14:37:56 -0000
Mailing-List: contact cygwin-xfree-help@cygwin.com; run by ezmlm
Precedence: bulk
List-Id: <cygwin-xfree.cygwin.com>
List-Subscribe: <mailto:cygwin-xfree-subscribe@cygwin.com>
List-Archive: <http://sourceware.org/ml/cygwin-xfree/>
List-Post: <mailto:cygwin-xfree@cygwin.com>
List-Help: <mailto:cygwin-xfree-help@cygwin.com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-xfree-owner@cygwin.com
Reply-To: cygwin-xfree@cygwin.com
Mail-Followup-To: cygwin-xfree@cygwin.com
Received: (qmail 28336 invoked by uid 89); 9 Dec 2013 14:37:55 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=3.5 required=5.0 tests=BAYES_99,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=no version=3.3.2
X-HELO: bay0-omc2-s9.bay0.hotmail.com
Received: from Unknown (HELO bay0-omc2-s9.bay0.hotmail.com) (65.54.190.84) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Mon, 09 Dec 2013 14:37:54 +0000
Received: from BAY178-W36 ([65.54.190.124]) by bay0-omc2-s9.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.4675);	 Mon, 9 Dec 2013 06:37:47 -0800
X-TMN: [ORlR0t1IP0YkzEZvhhpoCDXL1ft/jteX]
Message-ID: <BAY178-W360DBF8F8D31BB19078A8881D30@phx.gbl>
From: Kevin Brown <cre8tivspirit@live.com>
To: "cygwin-xfree@cygwin.com" <cygwin-xfree@cygwin.com>
Subject: Restricting Port 6000 access in Cygwin/X
Date: Mon, 09 Dec 2013 14:37:00 -0000
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-SW-Source: 2013-12/txt/msg00002.txt.bz2

My company recently sent an audit finding requesting for our Cygwin/X users=
 with a finding of the following;
=20
"The remote host is running an X11 server.=A0 X11 is a client-server protoc=
ol that can be used to display graphical applications running on a given ho=
st on a remote client.=A0=A0 Since the X11 traffic is not ciphered, it is p=
ossible for an attacker to eavesdrop on the connection."
=20
The suggested solution was;
=20
"Restrict access to this port. If the X11 client/server facility is not use=
d, disable TCP support in X11 entirely (-nolisten tcp)."
=20
=20
My problem is that I haven't found any information that would help me accom=
plish this task. I've only recently taken over support of our Cygwin users =
and am not well versed in the software. Can this be done without breaking t=
he functionality of the the software? If so, can you please advise on the s=
teps to take to accomplish this?
=20
Current version being used is 1.7.11-1.

Thanks,
Kevin E. Brown

Soli Deo Gloria!=20=09=09=20=09=20=20=20=09=09=20=20
--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://x.cygwin.com/docs/
FAQ:                   http://x.cygwin.com/docs/faq/