Re: being hacked via ssh with X11 forwarding?

To: aphro <nate@firetrail.com>
Cc: debian-user@lists.debian.org
Subject: Re: being hacked via ssh with X11 forwarding?
From: <debuser@platinum.globalmart.com>
Date: Tue, 11 Jan 2000 17:53:44 -0700 (MST)
Message-id: <[🔎] Pine.LNX.3.96.1000111174812.1601A-100000@platinum.globalmart.com>
In-reply-to: <[🔎] Pine.LNX.4.21.0001070033300.24198-100000@galactica.firetrail.com>

Well, I've talked to the guy that owns that machine, and he assured me
that he wasn't hacking me, and I believe him.  But now the question
remains, what caused this message?  Any possible explanations out there?

Thanks,

Gerry

PS: I'm paranoid about being hacked since another machine on our network
was hacked via a smail vulnerability.

On Fri, 7 Jan 2000, aphro wrote:

> ssh automatically tries to connect to a remote X server when a conneciton
> is established, to disable this behavior(for good) recompile ssh with the
> configure flag --without-x to make sure nobody can connect to your X
> server or use your ssh client to connect to a remote X server.
> 
> dont think anyone can 'hack' your X unless they already had an account on
> your machine.
> 
> nate
> 
> On Thu, 6 Jan 2000 debuser@platinum.globalmart.com wrote:
> 
> debuse >>From my Linux box at work, I was using ssh to connect to my personal ISP.
> debuse >I had X11 forwarding turned on.  When I went to log out I got this
> debuse >message: 
> debuse >
> debuse >Waiting for forwarded connections to terminate...
> debuse >The following connections are open:
> debuse >  X11 connection from shell.schwa.net port 1087
> debuse >
> debuse >Is someone from that machine hacking me?  If so, how would he do this? If
> debuse >not, what does it mean?  I see there is a user logged onto my ISP from
> debuse >that machine.  What logs should I be looking at for information?
> debuse >
> debuse >Thanks,
> debuse >
> debuse >Gerry
> debuse >
> debuse >
> debuse >-- 
> debuse >Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> debuse >
> 
> ----------------------------------------[mailto:aphro@aphroland.org ]--
>    Vice President Network Operations       http://www.firetrail.com/
>   Firetrail Internet Services Limited      http://www.aphroland.org/
>        Everett, WA 425-348-7336            http://www.linuxpowered.net/
>             Powered By:                    http://comedy.aphroland.org/
>     Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
> -----------------------------------------[mailto:aphro@netquest.net ]--
> 12:30am up 140 days, 12:27, 2 users, load average: 1.99, 1.67, 1.57
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>

Reply to:

Follow-Ups:
- Re: being hacked via ssh with X11 forwarding?
  - From: aphro <nate@firetrail.com>
- Re: being hacked via ssh with X11 forwarding?
  - From: George Bonser <grep@shorelink.com>

References:
- Re: being hacked via ssh with X11 forwarding?
  - From: aphro <nate@firetrail.com>

Prev by Date: Few problems
Next by Date: Re: Help - efax and USR Sportster
Previous by thread: Re: being hacked via ssh with X11 forwarding?
Next by thread: Re: being hacked via ssh with X11 forwarding?
Index(es):
- Date
- Thread