l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2004 Jun 08 17:46

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] X11 forward - used for hacking?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] X11 forward - used for hacking?

--On Tuesday, June 08, 2004 16:38:31 -0700 Bill Kendrick <nbs@sonic.net> wrote:

  Waiting for forwarded connections to terminate...
  The following connections are open:
    X11 connection from proxyscan.xs4all.nl port 11219
Given that the remote host is called "proxyscan", they seem to be operating in the open. Some IRC servers will scan clients (see <http://help.undernet.org/proxyscan/> for example), and some anti-spam tactics involve proxy-scanning hosts trying to send mail.

Is there some way that the following connection could be made?

  somewhere.nl --> isp --> melissa's laptop

Where all Melissa did was:   ssh shell.isp.com  ?
Oh, sure. As I'm sure you know, X11 client-server connections normally run over TCP. When you connect to a remote host using ssh with X11 forwarding, the ssh daemon on the remote system sets up an X11 listener port for clients to connect to. Depending on how the ssh daemon is configured, the X11 listener port can be confined to localhost, or it can be accessible over the network.

The X11 protocol includes a client authentication step. The ssh daemon handles this for clients connecting to the remote listening port. I don't know how (or if) this proxyscan host got past this step. It's possible they were waiting at some pre-authentication phase of the protocol, in which case they wouldn't have been able to do anything. Otherwise, they would have had the same access to your display as any other client (which is pretty serious from a security standpoint).

"Grand Funk Railroad paved the way for Jefferson Airplane, which cleared
the way for Jefferson Starship. The stage was now set for the Alan Parsons
Project, which I believe was some sort of hovercraft." - Homer Simpson

Kenneth Herron Kenneth.Herron@mci.com v658-5894 916-569-5894
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.