336 Hacking Exposed: Network Security Secrets and Solutions

Figure 8-3. With XWatchWin, we can remotely view almost any X application on the user's desktop

X Countermeasure

Resist the temptation to issue the xhost + command. Don't be lazy, be secure! If you are in doubt, issue the xhost - command. Xhost - will not terminate any existing connections; it will only prohibit future connections. If you must allow remote access to your X server, specify each server by IP address. Keep in mind that any user on that server can connect to your X server and snoop away. Other security measures include using more advanced authentication mechanisms like MIT-MAGIC-COOKIE-1, XDM-AUTHORIZATION-1, and MIT-KERBEROS-5. These mechanisms provide an additional level of security when connecting to the X server. If you use xterm or a similar terminal, enable the secure keyboard option. This will prohibit any other process from intercepting your keystrokes. Also consider firewalling ports 6000-6063 to prohibit unauthorized users from connecting to your X server ports. Finally, consider using ssh and its tunneling functionality for enhanced security during your X sessions. Just make sure ForwardX11 is configured to yes in your sshd_config or sshd2_config file.

337 Chapter 8: Hacking UNIX

Domain Name System (DNS) Hijinks

Popularity: 9
Simplicity: 7
Impact: 10
Risk Rating: 9

DNS is one of the most popular services used on the Internet and most corporate intranets. As you might imagine, the ubiquity of DNS also lends itself to attack. Many attackers routinely probe for vulnerabilities in the most common implementation of DNS for UNIX, the Berkeley Internet Name Domain (BIND) package.
Additionally, DNS is one of the few services that is almost always required and running on an organization's Internet perimeter network. Thus, a flaw in BIND will almost surely result in a remote compromise (most times with root privileges). To put the risk into perspective, a 1999 security survey reported that over 50 percent of all DNS
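
Returning to the X countermeasures above: the checks they call for (access control left off with xhost +, host-based entries, X ports 6000-6063 reachable from the network) can be scripted. The following is an added example, not code from the book; it parses saved `xhost` and `ss -ltn` output, and the host names and sample output in it are constructed.

```shell
#!/bin/sh
# Added example, not from the book. Both functions read saved command
# output on stdin, so they run offline against output collected anywhere.

# Classify `xhost` output: access control off, or host-based entries.
audit_xhost() {
    awk '
        /^access control disabled/ { print "CRITICAL access control off; run: xhost -"; next }
        /^INET6?:/ {
            sub(/^INET6?:/, "")
            print "WARN host-based entry " $0 ": every user on it can connect"
        }
    '
}

# Flag non-loopback TCP listeners on 6000-6063 in `ss -ltn` output.
# Loopback listeners in this range are skipped (ssh X forwarding uses them).
audit_x_listeners() {
    awk '
        {
            n = split($4, part, ":"); port = part[n]
            if (port !~ /^[0-9]+$/ || port + 0 < 6000 || port + 0 > 6063) next
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "[::1]") next
            print "EXPOSED " addr " tcp/" port " (display :" (port - 6000) ")"
        }
    '
}

# Constructed sample inputs (not captured from a real system).
SAMPLE_XHOST='access control enabled, only authorized clients can connect
INET:build01.example.com
SI:localuser:alice'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      4096   0.0.0.0:6000       0.0.0.0:*
LISTEN 0      4096   127.0.0.1:6010     0.0.0.0:*
LISTEN 0      4096   [::]:6001          [::]:*'

printf '%s\n' "$SAMPLE_XHOST" | audit_xhost
printf '%s\n' "$SAMPLE_SS" | audit_x_listeners
```

On a live host, pipe the real commands in instead of the samples: `xhost | audit_xhost` and `ss -ltn | audit_x_listeners`.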