Firewall Wizards mailing list archives
Re: X11 forwarding
From: David Lang <david.lang () digitalinsight com>
Date: Fri, 23 Aug 2002 15:05:40 -0700 (PDT)
part of it will depend on what direction you are forwarding the X11 traffic. I am also interested in the answer but would like to find out about it in the following situations. 1. desktop in low security domain, server running the process in high security domain (tcp connection made from high security domain to low security domain) 2. desktop in high security domain, server running the process in low security domain (tcp connection made from low security domain to high security domain) 3. does it change anything if you are useing a X11 proxy that gets enabled for each user on demand as opposed to leaving the port open all the time (for example the FWTK x-gw started from tn-gw after strong authentication, other firewall products have other methods) David Lang On Fri, 23 Aug 2002, hermit921 wrote:
Date: Fri, 23 Aug 2002 10:07:21 -0700 From: hermit921 <hermit921 () yahoo com> To: firewall-wizards () honor icsalabs com Subject: [fw-wiz] X11 forwarding How much of a security problem is X11 forwarding? I see CERT recommends using a version that allows this to be turned off, but doesn't specifically recommend that X11 forwarding be disabled. Neil _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
_______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- New Script Kiddie tool ? Peter Robinson (Aug 22)
- RE: New Script Kiddie tool ? Kendall Risselada (Aug 23)
- Re: New Script Kiddie tool ? H. Morrow Long (Aug 23)
- Re: New Script Kiddie tool ? Jim MacLeod (Aug 23)
- X11 forwarding hermit921 (Aug 23)
- Re: X11 forwarding David Lang (Aug 23)
- Re: X11 forwarding Brian Hatch (Aug 23)
- Re: X11 forwarding Kevin Steves (Aug 26)
- Re: X11 forwarding Pierre Blanchet (Aug 27)
- Re: X11 forwarding Kevin Steves (Aug 27)