tomcat-users mailing list archives

From Pid <...@pidster.com>
Subject Re: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP Port
Date Fri, 25 Jun 2010 20:56:50 GMT
On 25/06/2010 21:49, Aaron Clark wrote:
> Do you think it's more likely that it's a bug in the OS, or the server has been compromised?

The latter is easier to analyse, plenty of tools around to do that.
Or nuke the server and start over.


p


> Aaron K. Clark
> A+, Network+, CCNA
> Intellicom, Inc
> aclark@intellicominc.com
> 308-237-0684 x228 (Office)
> 308-440-5500 (Cell)
> 1700 2nd Ave
> Kearney, Ne 68847
> ________________________________________
> From: André Warnier [aw@ice-sa.com]
> Sent: Friday, June 25, 2010 3:47 PM
> To: Tomcat Users List
> Subject: Re: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP Port
> 
> Konstantin Kolinko wrote:
>> 2010/6/23 Aaron Clark <aclark@intellicominc.com>:
>>> 1) Terminal Services starts listening on port 80 instead of 3380
>>>
>>> 2) We determined this by disabling Tomcat. The problem stopped. This is happening on their website, so we would know it happens because customers would call in saying the website is down.
>>>
>>> 3) Right now (before the switch) it is showing tomcat running on 80 and svchost running on 3389. I haven't run this command after the switch yet.
>>>
>>>
>>> 4) Tomcat is what runs on port 80, yes.
>>>
>>
>> Are access logs enabled on that system? What happens with Tomcat when
>> this happens (is it down and unable to start?) I doubt that this
>> change might happen while Tomcat still runs. Is the system property
>> secured? E.g. such a trivial issue as CVE-2009-3548
>>
>> http://tomcat.apache.org/security-6.html
>>
> Aaron,
> to insist:
> - there is no way for a process (RDP) to tell the Operating System (Windows), something
> like "change the port number of my listening socket to xxx".  Such a call does not exist.
> - there is no way for a process to tell the OS "change the listening port number xxx of
> process yyy to zzz". Such a call does not exist.
> - Tomcat itself (nor the JVM that actually runs Tomcat) does not contain code that would
> even try to do that.
> 
> But a rogue webapp running under Tomcat /might/ contain code that helps a hacker into
> doing something like that.
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
> For additional commands, e-mail: users-help@tomcat.apache.org
> 
> 
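
Added example, not part of the original thread: the messages above turn on which process owns the listeners on ports 80 and 3389 before and after the switch. This sketch diffs two `netstat -ano` captures to show a change of owner; the choice of `netstat -ano`, the sample output and the PIDs are assumptions constructed for illustration.

```python
import re

# Constructed `netstat -ano` excerpts (not from the thread); PIDs are made up.
BEFORE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2140
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1088
  TCP    10.0.0.5:80            203.0.113.7:51514      ESTABLISHED     2140
  TCP    [::]:3389              [::]:0                 LISTENING       1088
"""
AFTER = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       1088
  TCP    [::]:80                [::]:0                 LISTENING       1088
"""

# Only TCP rows in LISTENING state: local address, local port, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listeners(netstat_text):
    """Return {port: set of owning PIDs} for TCP sockets in LISTENING state."""
    table = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            table.setdefault(int(m.group(2)), set()).add(int(m.group(3)))
    return table


def ownership_changes(before, after, watched=(80, 3389)):
    """Compare two snapshots; report watched ports whose owner PIDs differ."""
    old, new = listeners(before), listeners(after)
    changes = []
    for port in watched:
        was, now = old.get(port, set()), new.get(port, set())
        if was != now:
            changes.append((port, sorted(was), sorted(now)))
    return changes


if __name__ == "__main__":
    for port, was, now in ownership_changes(BEFORE, AFTER):
        print(f"port {port}: owner PIDs {was} -> {now}")
```

Each PID still has to be resolved to a process or service name (for example with `tasklist /svc`) at the time of capture, since PIDs are reused after a restart.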


