Konstantin Kolinko wrote:
2010/6/23 Aaron Clark <acl...@intellicominc.com>:
1) Terminal Services starts listening on port 80 instead of 3380
2) We determined this by disabling Tomcat. The problem stopped. This is
happening on their website, so we would know it happens because customers would
call in saying the website is down.
3) Right now (before the switch) it is showing tomcat running on 80 and svchost
running on 3389. I haven't run this command after the switch yet.
4) Tomcat is what runs on port 80, yes.
Are access logs enabled on that system? What happens with Tomcat when
this happens (is it down and unable to start)? I doubt that this
change might happen while Tomcat still runs. Is the system properly
secured? E.g. such a trivial issue as CVE-2009-3548
http://tomcat.apache.org/security-6.html
Aaron,
to insist:
- there is no way for a process (RDP) to tell the Operating System (Windows), something
like "change the port number of my listening socket to xxx". Such a call does not exist.
- there is no way for a process to tell the OS "change the listening port number xxx of
process yyy to zzz". Such a call does not exist.
- Neither Tomcat itself nor the JVM that actually runs Tomcat contains code that would
even try to do that.
But a rogue webapp running under Tomcat /might/ contain code that helps a hacker
do something like that.
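
Since a listening port cannot be handed from one process to another, the thing to capture is which PID owns port 80 before and after the switch. The following is an added example, not part of the original thread: it compares two saved `netstat -ano` outputs (Windows format) and reports watched ports whose listener PID changed. The sample snapshots and PIDs are constructed for illustration.

```python
def listeners(netstat_text):
    """Map each listening TCP port to the set of PIDs that own it."""
    owners = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns: Proto, Local Address, Foreign Address, State, PID
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rsplit handles both 0.0.0.0:80 and [::]:80
        port = int(fields[1].rsplit(":", 1)[1])
        owners.setdefault(port, set()).add(int(fields[4]))
    return owners


def owner_changes(before_text, after_text, ports):
    """Return {port: (pids_before, pids_after)} for watched ports that changed."""
    before, after = listeners(before_text), listeners(after_text)
    changes = {}
    for port in ports:
        b, a = before.get(port, set()), after.get(port, set())
        if b != a:
            changes[port] = (sorted(b), sorted(a))
    return changes


# Constructed snapshots: PID 2044 stands in for Tomcat, 1108 for svchost.
BEFORE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2044
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1108
  TCP    [::]:80                [::]:0                 LISTENING       2044
  UDP    0.0.0.0:123            *:*                                    900
"""
AFTER = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1108
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1108
  TCP    10.0.0.5:80            203.0.113.7:51234      ESTABLISHED     1108
"""

if __name__ == "__main__":
    for port, (b, a) in owner_changes(BEFORE, AFTER, [80, 3389]).items():
        print(f"port {port}: listener PID {b} -> {a}")
```

A changed owner means the original process stopped listening and a different one bound the port afterwards; `tasklist /FI "PID eq <pid>"` maps each PID back to a process name.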