Educause Security Discussion mailing list archives

Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers

From: Chris Edwards <chris () ENG GLA AC UK>
Date: Fri, 26 Jan 2007 12:52:39 +0000

| Briefly, the attacker connects to an X server and - provided the X
| server has been improperly configured - they are able to grab a screen
| dump, keystrokes, and anything else in the X session.

Hi,

Out of interest, do those sites experiencing such attacks have incoming X
blocked at the border ?

In other words, are the attackers connecting to unsecured X servers direct
from off-campus (easy), or, from machines on-campus already compromised by
some other means (hopefully not so easy).

Thanks

Chris

--
Chris Edwards, Glasgow University Computing Service

Current thread:

Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers Roger Safian (Jan 24)
- <Possible follow-ups>
- Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers Brian Smith-Sweeney (Jan 24)
- Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers James J. Barlow (Jan 24)
- Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers Wes Young (Jan 24)
- Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers Warren Petrofsky (Jan 24)
- Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers Valdis Kletnieks (Jan 25)
- Re: Ongoing Port 6000 attacks, Windows Xserver Compromises, keyloggers Chris Edwards (Jan 26)