[Courses] New to this list, so, hi!

Elwing elwing at elwing.org
Wed Aug 27 08:45:40 EST 2003 

I suggest blocking ports 6000-6063 (there are a possible 64 displays that
X can use)  port 6000 is :0.0 port 6001 is :1.0, etc...

another possibility is to make sure that you *NEVER* *EVER* do xhost +  by
itself.  do xhost +IP instead

There's a nifty tool called xscan and xwin that will keystroke log
(xscan), and grab a screenshot (xwin) remotely over ports 6000-6063.
Great for getting root passwords.

The other option is to use the "secure keyboard" option in xterm (not
available in konsole and gnome's terminal that I'm aware of). It's in one
of the menus when you hold ctrl or shift or alt and click on the xterm -
don't have xterm here or I'd tell you exactly which one.

Laura



On 27 Aug 2003, Robyn Manning wrote:

> On Wed, 2003-08-27 at 18:44, joe shindlin wrote:
>
> > I am following a small guide on oneeyedcrow on
> > shutting of X from listening on those port's, but i
> > can't seem to find the interface name, i try 'X11+',
> > 'X+', 'x11+', 'x+'...
> > How would i go about finding the name, if there's a
> > program that tell's you i would love to know, or
> > possibly i'm adding to my 'rc.firewall' script
> > incorrectly, at any rate, some input would be great.
> > Joe.
>
> Hi Joe
>
> There are other mailing lists on Linuxchix including Techtalk which is a
> good forum for tech questions etc.
>
> Your answer would be to nmap the IP address of the box in question here
> it's myself and you can see that port 6000/tcp is open for X11.
>
> nmap 192.168.0.11
>
> Starting nmap 3.30 ( http://www.insecure.org/nmap/ ) at 2003-08-27 19:42
> CST
> Interesting ports on kanga (192.168.0.11):
> (The 1641 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 22/tcp     open        ssh
> 139/tcp    open        netbios-ssn
> 6000/tcp   open        X11
>
>
> In your firewall script you'd have to close port 6000. Or stop 'X' from
> doing it in the first place which I think you can do. Somehow?
>
> Robyn
>
> > --
> > You are slower than a herd of turtles stampeding through peanut butter.
>
> _______________________________________________
> Courses mailing list
> Courses at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/courses
>
>
>

More information about the Courses mailing list