Do you think its more likey that its a bug in the OS, or the server has been comprimised.
Aaron K. Clark A+, Network+, CCNA Intellicom, Inc acl...@intellicominc.com 308-237-0684 x228 (Office) 308-440-5500 (Cell) 1700 2nd Ave Kearney, Ne 68847 ________________________________________ From: André Warnier [...@ice-sa.com] Sent: Friday, June 25, 2010 3:47 PM To: Tomcat Users List Subject: Re: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP Port Konstantin Kolinko wrote: > 2010/6/23 Aaron Clark <acl...@intellicominc.com>: >> 1) Terminal Services starts listening on port 80 instead of 3380 >> >> 2) We determined this by disabling Tomcat. The problem stopped. This is >> happening on their website, so we would know it happens because customers >> would call in saying the website is down. >> >> 3) Right now (before the switch) it is showing tomcat running on 80 and >> svchost running on 3389. I haven't run this command after the switch yet. >> >> >> 4) Tomcat is what runs on port 80, yes. >> > > Are access logs enabled on that system? What happens with Tomcat when > this happens (is it down and unable to start?) I doubt that this > change might happen while Tomcat still runs. Is the system property > secured? E.g. such trivial issue as CVE-2009-3548 > > http://tomcat.apache.org/security-6.html > Aaron, to insist : - there is no way for a process (RDP) to tell the Operating System (Windows), something like "change the port number of my listening socket to xxx". Such a call does not exist. - there is no way for a process to tell the OS "change the listening port number xxx of process yyy to zzz". Such a call does not exist. - Tomcat itself (nor the JVM that actually runs Tomcat) does not contain code that would even try to do that. But a rogue webapp running under Tomcat /might/ contain code that helps a hacker into doing something like that. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org CONFIDENTIALITY NOTICE: This communication and any files or attachments transmitted with it may contain information that is confidential, privileged and exempt from disclosure under applicable law. It is intended solely for the use of the intended recipient. If you are not the intended recipient, you are hereby notified that any unauthorized review, use, disclosure, dissemination, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender by reply E-mail and destroy all copies of the original message. Additionally, we will take the appropriate action to avoid sending you an unintended E-mail in the future. Thank you for your cooperation. --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org