On Thu, 02/01/2003 05:50 -0200, Bueno wrote: > I thought about the following idea: > > to install gkrellm and xterm in all the servers (altogether with 15 to > 20 > packages from them) and to export the display of the servers, to a > "server > display" in the same net, and then to export the display of this "server > > display" through a tunniling ssh to a station here in the office... > In this setup, if an attacker gains access to one of your servers, he will gain access to your local X display through the forwarded connection and will be able to do things like keystroke monitoring.
Depending on your network layout he might also gain direct access to your other servers through the unprotected exported displays. Or he might wait until you log in to them and get your password from his keystroke monitor. Depending on your level of paranoia this may or may not be an acceptable risk. -- Tim van Erven <[EMAIL PROTECTED]> OpenPGP Key ID: 712CB811 Fingerprint: F6C9 61EE 242C C012 36D5 WWW: http://www.science.uva.nl/~talerven/ BBF8 6310 D557 712C B811
