Want to know more about botnets?

Botnets

The Worm Blog posted this article about  a paper on botnets from researchers at the University of Wisconsin.  If you're  unfamiliar with botnets and their uses, this is a good read for you. 

X11 scanning

As seen in the latest advisory (which is just a re-release of a previous ITSP advisory), X11 scanning on tcp/6000 scanning continues to happen.  STEAM-CIRT is asking users to review their X-Server usage practices and configurations to help ensure that they do not leave themselves vulnerable to remote control/snooping attacks.  If you need to run X applications from a remote server, STEAM-CIRT recommends that you:

• Use SSH to tunnel X11 through a secure channel
• Never type `xhost +` to allow remote X communications
• If you are using Exceed Hummingbird, see ECN's Knowledgebase article on proper configuration.

Posted by Matthew Wirges on March 16, 2006, in Handlers Log.