[Courses] New to this list, so, hi!
joe shindlin
jojotheracoon at yahoo.com
Wed Aug 27 06:24:48 EST 2003
--- Elwing <elwing at elwing.org> wrote:
> I suggest blocking ports 6000-6063 (there are a
> possible 64 displays that
> X can use) port 6000 is :0.0 port 6001 is :1.0,
> etc...
>
> another possibility is to make sure that you *NEVER*
> *EVER* do xhost + by
> itself. do xhost +IP instead
>
> There's a nifty tool called xscan and xwin that will
> keystroke log
> (xscan), and grab a screenshot (xwin) remotely over
> ports 6000-6063.
> Great for getting root passwords.
>
> The other option is to use the "secure keyboard"
> option in xterm (not
> available in konsole and gnome's terminal that I'm
> aware of). It's in one
> of the menus when you hold ctrl or shift or alt and
> click on the xterm -
> don't have xterm here or I'd tell you exactly which
> one.
>
> Laura
Hi laura, in reply to another reply, *sigh* this is
confusing, i ran 'nmap -sT Mirrus'
tarting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1550 ports scanned but not shown below are in
state: closed)
Port State Service
22/tcp open ssh
37/tcp open time
111/tcp open sunrpc
113/tcp open auth
515/tcp open printer
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned
in 0 seconds
*but* i ran a port scan at another site, port's
6000-6255, came back "stealth" like closed but better!
Is it really needed to shut down access to these
port's in this case, i have a firewall in place,
blocking all remote, accepting all connection's from
my box.
Joe. :)
P.S. if you think i'm being a little *over* safe, i
like it that way!
__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com
More information about the Courses
mailing list