My security people are concerned about a particular attack vector and we haven't found anything on Google to help. I'm hoping someone here can -
The concern is if someone is remoting into a machine we have 'locked down' (stripped out a lot of packages/etc) and then they copy/paste or use a keyboard emulator to retype an entire application into the remote machine. For instance:

Local machine:
- Take executable binary and convert to hexadecimal for easy copy/paste
- Install software that emulates keyboard and will retype entire contents of the local machine's clipboard (because we disabled copy/paste in xrdp)
- Connect to remote machine and create a file in remote home directory
- Let software/keyboard emulator start retyping the entire executable

We think doing a keystroke logger on the remote end and pumping the logs somewhere could help monitor part of it. But we'd really like to rate-limit the incoming keystrokes because if the attacker aims too high (re: large exploit file size) then we can at least delay the inevitable and hope we notice in time. Particularly on the system in place where keystrokes would be very minimal (essentially a kiosk driven largely by mouse clicks).

Any thoughts or input would be appreciated.
------------------------------------------------------------------------------
_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
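The rate-limiting and alerting idea from the message above, modelled as a token bucket over key-down timestamps. This is an added example, not code from the original post or from xrdp; it does not hook into xrdp, and the class and function names, the thresholds (2 keys/s, burst of 20, alert after 50 drops) and the sample timings are all assumptions.

```python
from dataclasses import dataclass

@dataclass
class KeystrokeLimiter:
    """Token bucket over key-down events, in integer milli-tokens."""
    rate: int = 2          # assumed sustained budget, keys per second
    burst: int = 20        # assumed allowance for a short typed entry
    alert_after: int = 50  # assumed number of dropped keys that raises an alert

    def __post_init__(self):
        self.tokens = self.burst * 1000
        self.last_ms = None
        self.dropped = 0

    def allow(self, t_ms: int) -> bool:
        """Return True if the key-down event at t_ms may pass to the session."""
        if self.last_ms is not None:
            refill = (t_ms - self.last_ms) * self.rate
            self.tokens = min(self.burst * 1000, self.tokens + refill)
        self.last_ms = t_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        self.dropped += 1
        return False

    @property
    def alert(self) -> bool:
        return self.dropped >= self.alert_after

def replay(timestamps_ms, **limits):
    """Run timestamps through a fresh limiter; return (passed, dropped, alert)."""
    lim = KeystrokeLimiter(**limits)
    passed = sum(lim.allow(t) for t in timestamps_ms)
    return passed, lim.dropped, lim.alert

def min_transfer_seconds(n_bytes, rate=2, burst=20):
    """Lower bound on typing n_bytes as hex (two keys per byte) through the limiter."""
    return max(0, 2 * n_bytes - burst) / rate

# Constructed sample input, not captured from a real session.
operator = [i * 250 for i in range(12)]   # 12 keys at 4 keys/s
emulator = [i * 20 for i in range(2000)]  # 2000 keys at 50 keys/s

if __name__ == "__main__":
    print("operator:", replay(operator))
    print("emulator:", replay(emulator))
    print("1 MB as hex, days:", min_transfer_seconds(1_000_000) / 86400)
```

With these assumed limits the short operator entry passes untouched, while the emulated stream trips the alert within about the first 70 keys and is throttled to the sustained rate for the rest.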