LUGOD: Linux Users' Group of Davis
 
Page last updated:
2004 Jun 08 19:14

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] X11 forward - used for hacking?

On Tue, Jun 08, 2004 at 05:34:12PM -0700, Ken Herron wrote:
> Given that the remote host is called "proxyscan", they seem to be 
> operating in the open. Some IRC servers will scan clients (see 
> <http://help.undernet.org/proxyscan/> for example), and some anti-spam 
> tactics involve proxy-scanning hosts trying to send mail.

I was talking to Jeff Newmiller and Dmitriy Ivanov on #lugod just now, and
that's pretty much what they mentioned.

The odd thing is, she had only IRC'd to some local servers in the
last 6 months, and I don't think any of them run anything like that.
HOWEVER, _I_ probably IRC'd to irc.freenode.net at some point, and I
just checked and they mention:

  *** - Freenode runs an open proxy scanner, (www.blitzed.org/bopm), as
  *** - described on our policy page
  *** - (http://freenode.net/policies.shtml#proxies).  Your use of
  *** - the network indicates your acceptance of this policy.  For your
  *** - convenience, reverse DNS for servers running the scanner return the
  *** - hostname "freenode-proxyscanner.acc.umu.se".

Still not the same host, but...

Also, she doesn't send mail locally, but does from the ISP's shell.
*shrug*


> >Is there some way that the following connection could be made?
> >
> >  somewhere.nl --> isp --> melissa's laptop
> >
> >Where all Melissa did was:   ssh shell.isp.com  ?
> 
> Oh, sure. As I'm sure you know, X11 client-server connections normally 
> run over TCP. When you connect to a remote host using ssh with X11 
> forwarding, the ssh daemon on the remote system sets up an X11 listener 
> port for clients to connect to. Depending on how the ssh daemon is 
> configured, the X11 listener port can be confined to localhost, or it can 
> be accessible over the network.

"ForwardX11" was set locally on her laptop, and I saw "X11Forwarding yes"
in the ISP's "/etc/sshd_config", so maybe that's how it happened.


Jeff, Dmitriy and I think it's _probably_ nothing to worry about, and the
removal of "ForwardX11" from the laptop's SSH options should probably just
make the issue go away.

I also checked /etc/hosts.allow and ran nmap just to make sure nothing
mysterious was running.  (The "9999" on my own personal box scared the
crap out of me for a sec, until I remembered I'm running apt-proxy there. :) )

We're also behind a firewall (err, except WAP needs to be stuck in a DMZ one
of these days; I leave it off 99% of the time, though).  It currently only
allows IDENT and some bittorrent-related stuff through.


<snip>
> Otherwise, they 
> would have had the same access to your display as any other client (which 
> is pretty serious from a security standpoint).

Yeaaah... that's what I was guessing.  Scary.  I'll post more if anything
else happens.

In the meantime, I think it's about time I changed all my passwords. ;)

-bill!
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
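
An added example, not part of the original post: a small audit for the point Ken makes above about the ssh daemon's X11 listener being either confined to localhost or reachable over the network. It assumes OpenSSH, where `X11UseLocalhost` is the sshd_config directive that controls this; the sample configs are constructed for illustration.

```python
import re

# OpenSSH defaults when a keyword is absent from sshd_config.
DEFAULTS = {"x11forwarding": "no", "x11uselocalhost": "yes"}

def global_settings(config_text):
    """Effective global values; sshd keeps the first value seen per keyword."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments (fine for yes/no keywords)
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)  # "Key value" or "Key=value"
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":
            break  # simplification: conditional Match blocks are not evaluated
        if len(parts) == 2 and key in DEFAULTS and key not in seen:
            seen[key] = parts[1].strip().strip('"').lower()
    return {**DEFAULTS, **seen}

def x11_exposure(config_text):
    """Classify the forwarded-display listener: disabled, loopback or network."""
    s = global_settings(config_text)
    if s["x11forwarding"] != "yes":
        return "disabled"   # sshd never opens a forwarded display
    if s["x11uselocalhost"] == "no":
        return "network"    # listener bound to the wildcard address
    return "loopback"       # listener reachable only from the server itself

# Constructed sample: forwarding on and listener exposed; the later
# "X11Forwarding no" is ignored because the first occurrence wins.
SAMPLE_EXPOSED = """\
Port 22
X11Forwarding yes
X11UseLocalhost no
X11Forwarding no
"""
# Constructed sample: forwarding on, listener left at its loopback default.
SAMPLE_LOOPBACK = "x11forwarding = yes\n"
# Constructed sample: the only X11 line is commented out, so defaults apply.
SAMPLE_DEFAULT = "#X11Forwarding yes\nPort 22\n"

if __name__ == "__main__":
    for name, text in [("exposed", SAMPLE_EXPOSED),
                       ("loopback", SAMPLE_LOOPBACK),
                       ("default", SAMPLE_DEFAULT)]:
        print(f"{name}: {x11_exposure(text)}")
```

Even in the "loopback" case, other processes on the server that can read the session's X authority data can reach the forwarded display, so the client-side `ForwardX11` setting still matters on a shared shell host.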


