Almost all Unix (e.g, Linux and Solaris) machines run an X Windows server to enable the GUI. This server is designed to listen on the network for request from X clients to be displayed. Connections to your X server should be allowed only from trusted hosts.
Use the xhost utility to apply access restrictions — allow only known and trusted hosts to connect. For example:
xhost - # ...default-deny...
xhost +trusted_friend.dom.net
xhost +good_colleague.domain.org
Never, ever, type xhost +. Ever.
Modern X-servers have the -nolisten <proto> option, including that from XFree*6, Xorg and Solaris 9 and above --- not Solaris 8 and below. See the man page on either for details (man Xserver, not man X). If you are starting the X server manually (unlikely),
/usr/bin/X11/X -nolisten tcp
or (more likely) either
xinit -- -nolisten tcp # ...note the "--"
or
startx -- -nolisten tcp # ...note the "--"
The latter is a commonly used script for calling xinit with a
variable called serverargs, or similar; set this to include the
-nolisten tcp option.
| ...previous | cont's... |