[Xrdp-devel] Curious connection

2013-11-06 Thread Kevin Cave
A user of my X11rdp-o-Matic build tool asked something on my blog as follows... == Hi Kevin, I am concerned about the following logs that keep appearing in xrdp.log file. An IP of 109.112.47.46 tries to connect to xrdp whenever I try to connec

Re: [Xrdp-devel] Curious connection

2013-11-06 Thread Gustavo Homem
Hi, I have that too in the logs, every time an xrdp session is disconnected or closed. Running tcpdump does not show any actual traffic related to that IP and no open connection is visible using netstat. This message comes from the function g_tcp_close that is used in several .c files. Gustavo

Re: [Xrdp-devel] Curious connection

2013-11-06 Thread Daniel Lindgren
That's weird. Googling the IP leads to questions regarding the IP used in other software: http://marc.info/?l=secure-shell&m=88561415717174 https://groups.google.com/forum/#!msg/alt.os.linux.debian/xxOoNaYmtEY/Ow7PLI7EWO0J Same IP, same port. Cheers, Daniel 2013/11/6 Kevin Cave > A user of

Re: [Xrdp-devel] Curious connection

2013-11-06 Thread Gustavo Homem
I think something in the code is using, by mistake, the g_tcp_close function for a unix domain socket and that results in a bogus IP "calculation" similar to what is described here: http://marc.info/?l=secure-shell&m=88561415717174 I did not check where the offending call is. - Original Mes
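
The misread Gustavo suspects can be reproduced outside xrdp. The following is an added example, not code from xrdp or from this thread: it fills a `sockaddr_un` and decodes the same bytes as a `sockaddr_in`, showing that any socket path beginning `/tmp/.` yields 109.112.47.46. The function names and the sample path are constructed for illustration, and the usual Linux `sockaddr` layout is assumed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Build the sockaddr_un for `path`, then decode the same bytes as if they
 * were a sockaddr_in, which is what TCP-only logging code does when handed
 * a unix domain socket. Writes the dotted quad to `ip`, returns the "port"
 * (host byte order), or -1 on failure. */
int misread_unix_addr(const char *path, char *ip, socklen_t iplen)
{
    struct sockaddr_un un;
    struct sockaddr_in in;

    memset(&un, 0, sizeof(un));
    un.sun_family = AF_UNIX;
    strncpy(un.sun_path, path, sizeof(un.sun_path) - 1);

    /* sun_path starts where sin_port sits: path[0..1] is read as the port,
     * path[2..5] as the IPv4 address. */
    memcpy(&in, &un, sizeof(in));
    if (inet_ntop(AF_INET, &in.sin_addr, ip, iplen) == NULL)
        return -1;
    return ntohs(in.sin_port);
}

/* Log triage: 1 if a logged ip:port is just the start of `path` misread. */
int is_unix_path_artifact(const char *logged_ip, int logged_port,
                          const char *path)
{
    char ip[INET_ADDRSTRLEN];
    int port = misread_unix_addr(path, ip, sizeof(ip));
    return port == logged_port && strcmp(ip, logged_ip) == 0;
}

int main(void)
{
    const char *path = "/tmp/.xrdp/sample_socket"; /* constructed sample path */
    char ip[INET_ADDRSTRLEN];
    int port = misread_unix_addr(path, ip, sizeof(ip));
    printf("%s decoded as AF_INET -> %s:%d\n", path, ip, port);
    return 0;
}
```

Running the same check against the socket paths a daemon actually uses tells an operator whether a surprising address in the log is a real peer or a formatting artifact.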

Re: [Xrdp-devel] Curious connection

2013-11-06 Thread speidy
Hey Kevin, One strange thing which is popping from the log is that the client application which is trying to connect to your server is requesting a channel named "snddbg"; I never saw this name of channel. Anyway, xrdp blocks this channel cause it isn't in xrdp.ini list. Try to catch a full pcap from that so