Re: being hacked via ssh with X11 forwarding?
On Tue, 11 Jan 2000, aphro wrote:
> were you ssh'd into shell.schwa.net when that message showed up? if you
> were it was your machine that was connected to the remote X server not the
> other way around.
No. I have no deliberate interaction with that machine whatsoever. I
didn't know that machine existed until I got the message that ssh was
waiting for the connection to that machine to terminate. The only
relation was that I was logged onto my ISP via ssh at the same time that
machine was logged onto the ISP.
Gerry
>
> if you are using ssh 1 i suggest using the argument -v to give verbose
> information when connecting to a machine(i use ssh -l <username> -v -C
> <hostname>)
>
> nate
>
> On Tue, 11 Jan 2000 debuser@platinum.globalmart.com wrote:
>
> debuse >Well, I've talked to the guy that owns that machine, and he assured me
> debuse >that he wasn't hacking me, and I believe him. But now the question
> debuse >remains, what caused this message? Any possible explanations out there?
> debuse >
> debuse >Thanks,
> debuse >
> debuse >Gerry
> debuse >
> debuse >PS: I'm paranoid about being hacked since another machine on our network
> debuse >was hacked via a smail vulnerability.
> debuse >
> debuse >On Fri, 7 Jan 2000, aphro wrote:
> debuse >
> debuse >> ssh automatically tries to connect to a remote X server when a conneciton
> debuse >> is established, to disable this behavior(for good) recompile ssh with the
> debuse >> configure flag --without-x to make sure nobody can connect to your X
> debuse >> server or use your ssh client to connect to a remote X server.
> debuse >>
> debuse >> dont think anyone can 'hack' your X unless they already had an account on
> debuse >> your machine.
> debuse >>
> debuse >> nate
> debuse >>
> debuse >> On Thu, 6 Jan 2000 debuser@platinum.globalmart.com wrote:
> debuse >>
> debuse >> debuse >>From my Linux box at work, I was using ssh to connect to my personal ISP.
> debuse >> debuse >I had X11 forwarding turned on. When I went to log out I got this
> debuse >> debuse >message:
> debuse >> debuse >
> debuse >> debuse >Waiting for forwarded connections to terminate...
> debuse >> debuse >The following connections are open:
> debuse >> debuse > X11 connection from shell.schwa.net port 1087
> debuse >> debuse >
> debuse >> debuse >Is someone from that machine hacking me? If so, how would he do this? If
> debuse >> debuse >not, what does it mean? I see there is a user logged onto my ISP from
> debuse >> debuse >that machine. What logs should I be looking at for information?
> debuse >> debuse >
> debuse >> debuse >Thanks,
> debuse >> debuse >
> debuse >> debuse >Gerry
> debuse >> debuse >
> debuse >> debuse >
> debuse >> debuse >--
> debuse >> debuse >Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> debuse >> debuse >
> debuse >>
> debuse >> ----------------------------------------[mailto:aphro@aphroland.org ]--
> debuse >> Vice President Network Operations http://www.firetrail.com/
> debuse >> Firetrail Internet Services Limited http://www.aphroland.org/
> debuse >> Everett, WA 425-348-7336 http://www.linuxpowered.net/
> debuse >> Powered By: http://comedy.aphroland.org/
> debuse >> Debian 2.1 Linux 2.0.36 SMP http://yahoo.aphroland.org/
> debuse >> -----------------------------------------[mailto:aphro@netquest.net ]--
> debuse >> 12:30am up 140 days, 12:27, 2 users, load average: 1.99, 1.67, 1.57
> debuse >>
> debuse >>
> debuse >> --
> debuse >> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> debuse >>
> debuse >
> debuse >
> debuse >--
> debuse >Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> debuse >
>
> ----------------------------------------[mailto:aphro@aphroland.org ]--
> Vice President Network Operations http://www.firetrail.com/
> Firetrail Internet Services Limited http://www.aphroland.org/
> Everett, WA 425-348-7336 http://www.linuxpowered.net/
> Powered By: http://comedy.aphroland.org/
> Debian 2.1 Linux 2.0.36 SMP http://yahoo.aphroland.org/
> -----------------------------------------[mailto:aphro@netquest.net ]--
> 9:39pm up 145 days, 9:39, 2 users, load average: 0.56, 0.44, 0.38
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
Reply to: