Date: Tue, 23 Apr 2002 22:20:58 +1200 From: Joerg Micheel <joerg@cs.waikato.ac.nz> To: Neil Blakey-Milner <nbm@mithrandr.moria.org> Cc: "Greg 'groggy' Lehey" <grog@freebsd.org>, Jochem Kossen <j.kossen@home.nl>, hackers@freebsd.org Subject: Re: Security through obscurity? (was: ssh + compiled-in SKEY support considered harmful?) Message-ID: <20020423222058.B57646@cs.waikato.ac.nz> In-Reply-To: <20020423093826.GA58411@mithrandr.moria.org>; from nbm@mithrandr.moria.org on Tue, Apr 23, 2002 at 11:38:26AM %2B0200 References: <rwatson@FreeBSD.ORG> <11670.1019530386@winston.freebsd.org> <20020423131646.I6425@wantadilla.lemis.com> <200204231009.51297.j.kossen@home.nl> <20020423183452.M6425@wantadilla.lemis.com> <20020423211359.D48271@cs.waikato.ac.nz> <20020423093826.GA58411@mithrandr.moria.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Apr 23, 2002 at 11:38:26AM +0200, Neil Blakey-Milner wrote: > There are people who will tell people that still use X11 tcp sockets to > start living in the 21st century. ssh X11 forwarding still works, it's > only the (often much lower security) tcp sockets that are disabled by > default. (And if the "none" cipher is available, the overhead would be > minimal for even the most underpowered machine.) I may not understand all the issues here, but can the situation be helped by improving the reporting. I.e. if the firewalling prohibits access to the X11 TCP socket, why would the firewall not report this instantly at the first attempt to connect, to be visible at the console and in /var/log/messages. I am sure Greg would have caught that first time around, and it would have safed him from a few hours of useless debugging time. Joerg -- Joerg B. Micheel Email: <joerg@cs.waikato.ac.nz> WAND and NLANR MOAT Email: <joerg@nlanr.net> The University of Waikato, CompScience Phone: +64 7 8384794 Private Bag 3105 Fax: +64 7 8585095 Hamilton, New Zealand Plan: PMA, TINE and the DAG's To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020423222058.B57646>