l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2004 Jun 08 17:34

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
[vox-tech] X11 forward - used for hacking?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[vox-tech] X11 forward - used for hacking?

Yesterday, Melissa noticed a strange X11 message appear while she was
using IRC.  A little while later, when she went to log off from the remote
system where she was running the IRC client (an ISP shell server),
it hung with a pair of X11 connections.

Today, something similar happened, and now I'm concerned:

  Waiting for forwarded connections to terminate...
  The following connections are open:
    X11 connection from proxyscan.xs4all.nl port 11219

I went in and changed the "ForwardX11" setting we had in "/etc/ssh/ssh_config",
since it's not useful any more.  (I think she used to log into her machine
upstairs and run some X apps remotely, but I guess it's been a while.)

What I'm afraid of, though, is that this might be some kind of roundabout
hack attempt.  However, I don't have a very good understanding of the kinds
of exploits that may be involved here.

We've contacted our ISP to let them know something fishy's going on, but
no response yet.  In the meantime, I'm wondering what people here think.

Is there some way that the following connection could be made?

  somewhere.nl --> isp --> melissa's laptop

Where all Melissa did was:   ssh shell.isp.com  ?

Scared of keyloggers,

bill@newbreedsoftware.com              C is like an industrial strength
http://www.newbreedsoftware.com/       nail gun; if wielded improperly,
New Breed Software                       it can cause untold carnage.
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Appahost Applications
For a significant contribution towards our projector, and a generous donation to allow us to continue meeting at the Davis Library.