SSHD has X forwarding enabled by default. Though it does not work very well through a firewall running ipchains >on 3/14/2001 3:24 PM, David Lang at [EMAIL PROTECTED] wrote: > is it possible that SSH is configured to do port forwarding for X or > something like that? > > David Lang > > On Wed, 14 Mar 2001, Carric Dooley wrote: > >> Date: Wed, 14 Mar 2001 15:02:25 -0500 (EST) >> From: Carric Dooley <[EMAIL PROTECTED]> >> To: Jose Nazario <[EMAIL PROTECTED]> >> Cc: Satish Ramaswamy <[EMAIL PROTECTED]>, [EMAIL PROTECTED] >> Subject: Re: sshd >> >> No.. I have seen the exact same thing. I just happened to do a netstat >> while connected to a new RH7 (wolverine beta runnin OpenSSH), and >> immediately felt my stomach drop down around my socks. I started digging >> around is lsof, and finally killed the process and <pop>, I was >> disconnected. I then telnetted from an authorized machine, did a netstat >> and lsof -i and the 6010 port was gone. When I reconnected via SSH, it >> came right back. I just knew my brand new server had been hacked and I >> was so pissed (as well as feeling stupid), and I was EVER so relieved to >> find it was just SSH. >> >> >> Carric Dooley >> Senior Consultant >> COM2:Interactive Media >> >> "But this one goes to eleven." >> -- Nigel Tufnel >> >> >> On Wed, 14 Mar 2001, Jose Nazario wrote: >> >>> On Wed, 14 Mar 2001, Satish Ramaswamy wrote: >>> >>>> I was talking abt sshd listening on the server rather that the client >>>> viz inbound trafics. >>> >>> it shouldn't. none of my MANY boxes, using ssh.com and openssh sshd's, >>> EVER do this, and this is on a SMACKLOAD of OS's, including IRIX, Solaris, >>> OpenBSD, Linux (2.0, 2.2, 2.4, PPC, etc). >>> >>> maybe you have a rootkit installed? sshd's have been trojaned in the past >>> few years, allowing for special access for the kiddies. this may be what >>> you're looking at. >>> >>> ____________________________ >>> jose nazario [EMAIL PROTECTED] >>> PGP: 89 B0 81 DA 5B FD 7E 00 99 C3 B2 CD 48 A0 07 80 >>> PGP key ID 0xFD37F4E5 (pgp.mit.edu) >>> >>> - >>> [To unsubscribe, send mail to [EMAIL PROTECTED] with >>> "unsubscribe firewalls" in the body of the message.] >>> >> > > - > [To unsubscribe, send mail to [EMAIL PROTECTED] with > "unsubscribe firewalls" in the body of the message.] > - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
