On 25/06/2010 21:49, Aaron Clark wrote:
> Do you think it's more likely that it's a bug in the OS, or the server has been
> compromised?

The latter is easier to analyse, plenty of tools around to do that. Or nuke the server and start over.

p

> Aaron K. Clark
> A+, Network+, CCNA
> Intellicom, Inc
> acl...@intellicominc.com
> 308-237-0684 x228 (Office)
> 308-440-5500 (Cell)
> 1700 2nd Ave
> Kearney, Ne 68847
> ________________________________________
> From: André Warnier [...@ice-sa.com]
> Sent: Friday, June 25, 2010 3:47 PM
> To: Tomcat Users List
> Subject: Re: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP Port
>
> Konstantin Kolinko wrote:
>> 2010/6/23 Aaron Clark <acl...@intellicominc.com>:
>>> 1) Terminal Services starts listening on port 80 instead of 3380
>>>
>>> 2) We determined this by disabling Tomcat. The problem stopped. This is
>>> happening on their website, so we would know it happens because customers
>>> would call in saying the website is down.
>>>
>>> 3) Right now (before the switch) it is showing tomcat running on 80 and
>>> svchost running on 3389. I haven't run this command after the switch yet.
>>>
>>> 4) Tomcat is what runs on port 80, yes.
>>>
>>
>> Are access logs enabled on that system? What happens with Tomcat when
>> this happens (is it down and unable to start?) I doubt that this
>> change might happen while Tomcat still runs. Is the system properly
>> secured? E.g. such a trivial issue as CVE-2009-3548
>>
>> http://tomcat.apache.org/security-6.html
>>
> Aaron,
> to insist:
> - there is no way for a process (RDP) to tell the Operating System (Windows),
> something like "change the port number of my listening socket to xxx". Such a
> call does not exist.
> - there is no way for a process to tell the OS "change the listening port
> number xxx of process yyy to zzz". Such a call does not exist.
> - Tomcat itself (nor the JVM that actually runs Tomcat) does not contain code
> that would even try to do that.
>
> But a rogue webapp running under Tomcat /might/ contain code that helps a
> hacker into doing something like that.
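The check from item 3 of the quoted message (which process owns ports 80 and 3389, before and after the switch), as an added example that is not part of the original thread: it compares listening sockets from `netstat -ano` against an expected baseline, resolving PIDs with `tasklist /fo csv /nh`. The image name `tomcat6.exe`, the PIDs, the addresses and all sample output are constructed assumptions.

```python
import csv
import io

# Expected owner of each listening port, per the thread: Tomcat on 80 and
# svchost (Terminal Services) on 3389. The image names are assumptions.
EXPECTED = {80: "tomcat6.exe", 3389: "svchost.exe"}

# Constructed `tasklist /fo csv /nh` output (PIDs are made up).
TASKLIST = ('"tomcat6.exe","1432","Services","0","85,120 K"\n'
            '"svchost.exe","1088","Services","0","30,112 K"\n')

# Constructed `netstat -ano` output before the switch...
NETSTAT_BEFORE = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1088
  TCP    [::]:80                [::]:0                 LISTENING       1432
"""
# ...and after it, modelling the reported symptom: svchost holds port 80.
NETSTAT_AFTER = """
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1088
  TCP    10.0.0.5:80            10.0.0.9:50311         ESTABLISHED     1088
"""

def parse_listeners(netstat_text):
    """Return {port: set of PIDs} for TCP sockets in LISTENING state."""
    listeners = {}
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) != 5 or f[0] != "TCP" or f[3] != "LISTENING":
            continue  # header, blank, UDP or non-listening row
        port = int(f[1].rsplit(":", 1)[1])  # also handles [::]:80
        listeners.setdefault(port, set()).add(int(f[4]))
    return listeners

def parse_tasklist(csv_text):
    """Return {pid: lower-cased image name} from tasklist CSV output."""
    rows = csv.reader(io.StringIO(csv_text))
    return {int(r[1]): r[0].lower() for r in rows if len(r) >= 2}

def audit(netstat_text, tasklist_text, expected=EXPECTED):
    """Return [(port, expected image, actual images)] for every mismatch."""
    names = parse_tasklist(tasklist_text)
    listeners = parse_listeners(netstat_text)
    findings = []
    for port, want in sorted(expected.items()):
        pids = listeners.get(port, ())
        actual = sorted({names.get(p, "pid %d (unknown)" % p) for p in pids})
        if actual != [want]:  # wrong owner, extra owner, or nobody listening
            findings.append((port, want, actual))
    return findings
```

Capturing both command outputs at the moment the website goes down gives the evidence the thread is missing: which PID actually holds port 80 after the switch.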