2016-09-05 11:01 GMT+02:00 Dominik George <n...@naturalnet.de>:
>> Yes, it's connected to the internet, no it's not reachable from
>> outside the LAN (on any port).
>
> Can you please double-check that?

I've a dedicated jessie box on firewall / NAT router duty, no
forwarded ports. I can't rule out a hundred percent that it isn't
compromised, of course, but everything looks fine.

> Please also grep in your log files and in /etc for this IP address. Does it
> also show up anywhere else?

No. Just in /var/log/xrdp.log (and identically in /var/log/daemon.log)

> I doubt either. The first because what you see is a *client* address
> connecting to xrdp on your host

Strictly speaking, that's not correct. I only ever get
*disconnections* from that address.

> the second because the IP address is taken directly
> from the socket structure,

All it takes is one stupid typo.

Looking at xrdp.log and xrdp-sesman.log, there's only ever connections
from "0.0.0.0:port"; and disconnections from "0.0.0.0:port",
"97.114.47.114:port" and "NULL:NULL". I'd expect my workstation's
192.168.0.0/24 address and 127.0.0.1 to show up, they don't.

> can you actually reproduce the issue?

This is a (commented) tail -f over both logs. It does change a bit for
reconnections but in principle it's always the same.

# try to connect from 192.168.0.35
==> xrdp.log <==
[20160907-11:46:58] [INFO ] A connection received from: 0.0.0.0 port 53773
[20160907-11:46:58] [INFO ] An established connection closed to
endpoint: 0.0.0.0:53773 - socket: 11
[20160907-11:46:58] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 10
[20160907-11:46:58] [CORE ] WARNING: Invalid x.509 certificate path
defined, default path will be used: /etc/xrdp/cert.pem
[20160907-11:46:58] [WARN ] Invalid X.509 certificate path defined,
default path will be used: /etc/xrdp/key.pem
[20160907-11:46:58] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 11
[20160907-11:46:58] [INFO ] A connection received from: 0.0.0.0 port 53774
[20160907-11:46:58] [ERROR] Listening socket is in wrong state we
terminate listener
[20160907-11:46:58] [INFO ] An established connection closed to
endpoint: 0.0.0.0:53774 - socket: 11
[20160907-11:46:58] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 10
[20160907-11:46:59] [CORE ] WARNING: Invalid x.509 certificate path
defined, default path will be used: /etc/xrdp/cert.pem
[20160907-11:46:59] [WARN ] Invalid X.509 certificate path defined,
default path will be used: /etc/xrdp/key.pem
[20160907-11:46:59] [DEBUG] xrdp_00000f24_wm_login_mode_event_00000001
[20160907-11:46:59] [WARN ] local keymap file for 0xa0000c07 found and
doesn't match built in keymap, using local keymap file

==> xrdp-sesman.log <==
[20160907-11:47:08] [INFO ] A connection received from: 0.0.0.0 port 58234

==> xrdp.log <==
[20160907-11:47:09] [DEBUG] return value from xrdp_mm_connect 0

==> xrdp-sesman.log <==
[20160907-11:47:09] [INFO ] ++ created session (access granted):
username chris, ip 0.0.0.0:53774 - socket: 11
[20160907-11:47:09] [INFO ] starting Xorg session...
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 9
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 9
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 9
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: 0.0.0.0:58234 - socket: 8
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 393221
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 8
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 7
[20160907-11:47:09] [INFO ] Xorg :10 -config xrdp/xorg.conf -noreset
-ac -nolisten tcp -retro
[20160907-11:47:09] [INFO ] starting xrdp-sessvc - xpid=3880 - wmpid=3879

==> xrdp.log <==
[20160907-11:47:09] [INFO ] lib_mod_log_peer: xrdp_pid=3876 connected
to X11rdp_pid=3880 X11rdp_uid=1000 X11rdp_gid=1000 client_ip=
client_port=
[20160907-11:47:09] [DEBUG] xrdp_mm_connect_chansrv: chansrv connect successful
[20160907-11:47:09] [INFO ] An established connection closed to
endpoint: 0.0.0.0:3350 - socket: 22
[20160907-11:47:09] [INFO ] The following channel is allowed: rdpdr (0)
[20160907-11:47:09] [INFO ] The following channel is allowed: rdpsnd (1)
[20160907-11:47:09] [INFO ] The following channel is allowed: cliprdr (2)
[20160907-11:47:10] [INFO ] The following channel is allowed: drdynvc (3)
[20160907-11:47:10] [DEBUG] The allow channel list now initialized for
this session
# at this point I'm logged in and staring at an empty teal background,
but that's a different problem


# close down the session
[20160907-11:48:00] [INFO ] An established connection closed to
endpoint: NULL:NULL - socket: 11
[20160907-11:48:00] [DEBUG] xrdp_mm_module_cleanup
[20160907-11:48:00] [INFO ] An established connection closed to
endpoint: 97.114.47.114:12150 - socket: 23
[20160907-11:48:00] [INFO ] An established connection closed to
endpoint: 97.114.47.114:12150 - socket: 24
[20160907-11:48:01] [ERROR] Listening socket is in wrong state we
terminate listener

Cheers,
C.
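
Added example, not part of the original message and not xrdp code: a triage script that lists "connection closed" endpoints with no matching "connection received" line and shows the port and address bytes of each as ASCII. For 97.114.47.114:12150 those six bytes spell "/var/r"; that this is the start of a Unix socket path read as an IPv4 socket address is an assumption the thread does not confirm. The sample log is constructed from the lines quoted above, with the e-mail wrapping undone.

```python
import ipaddress
import re
import struct

# Constructed sample: lines in the format quoted in the message, unwrapped.
SAMPLE_LOG = """\
[20160907-11:46:58] [INFO ] A connection received from: 0.0.0.0 port 53773
[20160907-11:46:58] [INFO ] An established connection closed to endpoint: 0.0.0.0:53773 - socket: 11
[20160907-11:46:58] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 10
[20160907-11:47:09] [INFO ] An established connection closed to endpoint: 0.0.0.0:3350 - socket: 22
[20160907-11:48:00] [INFO ] An established connection closed to endpoint: 97.114.47.114:12150 - socket: 23
"""

OPENED = re.compile(r"connection received from: (\S+) port (\d+)")
# NULL:NULL endpoints carry no numeric port, so this pattern skips them.
CLOSED = re.compile(r"connection closed to endpoint: (\S+):(\d+) - socket")


def sockaddr_bytes_as_text(ip, port):
    """Port (network order) plus IPv4 address bytes as ASCII, or None."""
    try:
        raw = struct.pack("!H", port) + ipaddress.IPv4Address(ip).packed
    except (ValueError, struct.error):
        return None  # not an IPv4 address, or port outside 0..65535
    if all(0x20 <= b < 0x7F for b in raw):
        return raw.decode("ascii")
    return None


def triage(log_text):
    """Return (ip, port, ascii_or_None) for closes that have no logged open."""
    opened, findings = set(), []
    for line in log_text.splitlines():
        m = OPENED.search(line)
        if m:
            opened.add(m.groups())
            continue
        m = CLOSED.search(line)
        if m and m.groups() not in opened:
            ip, port = m.group(1), int(m.group(2))
            findings.append((ip, port, sockaddr_bytes_as_text(ip, port)))
    return findings


if __name__ == "__main__":
    for ip, port, text in triage(SAMPLE_LOG):
        print(f"{ip}:{port} closed without a logged connect; as ASCII: {text!r}")
```

An endpoint whose six bytes are all printable ASCII points to a logging artifact rather than a remote peer; one that decodes to None gets no such hint and still needs the usual checks.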
