> I had a program a couple years ago that would allow a user to connect > to an Xwindow server so you could see what was being keyed in. But I > have misplaced it, does anyone have pointers to archive site? I want > to show our management that our firewall should NOT allow X-window > traffic from the Internet unless it is TIGHTLY controlled. It's not hard to write such a program. Just walk the window tree, selecting for KeyPress and SubstructureNotify on all windows, printing out keypresses and using window creation to trigger more event selection. However, this is not really a problem. X contains authorization mechanisms to control who is allowed to connect to the server at all. These can be disabled (in keeping with "tools not rules"); if your users insist on doing so, there is some security danger - but it's a people problem, not a technical problem. As is so often the case, the way to attack this problem is by educating people, thus making them understand why they want to be careful and what mechanisms are available to allow them to do so, rather than imposing technical restrictions that are easy to get around and, since they don't teach anyone _why_ they're there, just incite people to do so. Your firewall is not really capable of identifying "X-window" (by which I assume you mean The X Window System[%]) traffic. The most it can do is refuse traffic to the port number usually used for X display 0, perhaps with display 1 or 2 added for good measure. But your firewall is not really in a position to keep someone from starting a server using (say) port 7654 and telling remote apps to use hostname:1654. [%] "It's a window system called X, not a system called X-window." der Mouse mouse@collatz.mcrcim.mcgill.edu