From owner-freebsd-security  Tue Jan  5 14:16:19 1999
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id OAA18725
          for freebsd-security-outgoing; Tue, 5 Jan 1999 14:16:19 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from stennis.ca.sandia.gov (stennis.ca.sandia.gov [146.246.243.44])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id OAA18720
          for <freebsd-security@FreeBSD.ORG>; Tue, 5 Jan 1999 14:16:17 -0800 (PST)
          (envelope-from bmah@stennis.ca.sandia.gov)
Received: (from bmah@localhost)
	by stennis.ca.sandia.gov (8.9.2/8.9.2) id OAA19362;
	Tue, 5 Jan 1999 14:15:38 -0800 (PST)
Message-Id: <199901052215.OAA19362@stennis.ca.sandia.gov>
X-Mailer: exmh version 2.0.2 2/24/98
To: The Hermit Hacker <scrappy@hub.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: ssh "error" message .. 
In-Reply-To: Your message of "Tue, 05 Jan 1999 17:45:05 -0400."
             <Pine.BSF.4.05.9901051744120.18250-100000@thelab.hub.org> 
From: bmah@CA.Sandia.GOV (Bruce A. Mah)
Reply-To: bmah@CA.Sandia.GOV
X-Face: g~c`.{#4q0"(V*b#g[i~rXgm*w;:nMfz%_RZLma)UgGN&=j`5vXoU^@n5<Pi&akO)o^8;[r
 %l(8ZHlbF`dD>v4:OO)c["!w)nD/!!~e4Sj7LiT'6*wZ83454H""lb{CC%T37O!!'S$S&D}sem7I[A
 2V%N&+
X-Url: http://www.ca.sandia.gov/~bmah/
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="==_Exmh_-361153620P";
	 micalg=pgp-md5; protocol="application/pgp-signature"
Content-Transfer-Encoding: 7bit
Date: Tue, 05 Jan 1999 14:15:38 -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

--==_Exmh_-361153620P
Content-Type: text/plain; charset=us-ascii

If memory serves me right, The Hermit Hacker wrote:

> Has anyone seen the following before?  I'm thinking a port-attack, since
> I've gotten two reports so far, each reporting the same host, but
> different IP...
> 
> hub> logout
> Waiting for forwarded connections to terminate...
> The following connections are open:
>   X11 connection from tntport0581.cwjamaica.com port 1488
>   X11 connection from tntport0581.cwjamaica.com port 1918

Yes, many many times.  These are the error messages that you see when you ssh 
to another machine, fire up some X clients on the remote host, then try to 
logout.  The X protocol messages from the X clients are tunneled over the 
encrypted SSH connection, so the SSH connection can't go away without killing 
the clients.  The behavior you see gives you (the user) a chance to gracefully 
shut down the X clients first.

If I don't care about those X clients, I'll usually kill the window from which 
I ran ssh.

Bruce.



--==_Exmh_-361153620P
Content-Type: application/pgp-signature

-----BEGIN PGP MESSAGE-----
Version: 2.6.2

iQCVAwUBNpKPCajOOi0j7CY9AQEbTAP/S3j8mTse65K58z1TLHKOpoqrdhuYBRtt
gDN10m4+icrf75yO3/AyYVHS4TwyL8/14Gck7w95c2ShIQz7HxE3eu9mq5dUYRdy
h0ydP9mH4cHl8Hn7hsCBZyI9OdU7SOB7WwGYpbc41doPNhYNRTbnEbF6Gn0MvE+z
n4JGFisjyb4=
=cYQn
-----END PGP MESSAGE-----

--==_Exmh_-361153620P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message