Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers
From: Chris Edwards <chris () ENG GLA AC UK>
Date: Fri, 26 Jan 2007 12:52:39 +0000

| Briefly, the attacker connects to an X server and - provided the X
| server has been improperly configured - they are able to grab a screen
| dump, keystrokes, and anything else in the X session.


Out of interest, do those sites experiencing such attacks have incoming X
blocked at the border ?

In other words, are the attackers connecting to unsecured X servers direct
from off-campus (easy), or, from machines on-campus already compromised by
some other means (hopefully not so easy).



Chris Edwards, Glasgow University Computing Service

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]