Hi,

I've noticed that gdm has a listening tcp and tcp6 sockets on random ports. Application which is opening them is gnome-session. I understand that gnome needs to use sockets in order to work but why are they tcp and tcp6? They probably there for remote access, is it possible to switch them off?


# netstat -tulpan
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:40569 0.0.0.0:* LISTEN 1038/gnome-session-
tcp 0 0 0.0.0.0:45603 0.0.0.0:* LISTEN 1373/gnome-session-
tcp6 0 0 :::44501 :::* LISTEN 1038/gnome-session-
tcp6 0 0 :::41849 :::* LISTEN 1373/gnome-session-
udp 0 0 0.0.0.0:68 0.0.0.0:* 1096/dhclient

# lsof -Pnl +M -i4 -i6
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
gnome-ses 1038 131 11u IPv6 12625 0t0 TCP *:44501 (LISTEN)
gnome-ses 1038 131 12u IPv4 12626 0t0 TCP *:40569 (LISTEN)
dhclient 1096 0 6u IPv4 19931 0t0 UDP *:68
gnome-ses 1373 1000 11u IPv6 26079 0t0 TCP *:41849 (LISTEN)
gnome-ses 1373 1000 12u IPv4 26080 0t0 TCP *:45603 (LISTEN)

Kali version 4.14 and 4.15

I also have a live USB with kali a bit older version 4.13 and I don't see any open tcp connection from gdm.

I tried to disable tcp in /etc/gdm3/daemon.conf
DisallowTCP=true
but it doesn't work.

I also noticed the ports change from time to time. Makes me slightly uncomfortable.