A user of my X11rdp-o-Matic build tool asked something on my blog as
follows...
======================================================
Hi Kevin,
I am a concerned about the following logs that keep appearing in xrdp.log
file. An ip of 109.112.47.46 tries to connect to xrdp whenever I try to
connect. It does not appear to be in any other logs, the firewall on the
router and server are locked up tight. Considering that the NSA has their
hands in everything i’m a bit suspicious on anything weird showing up in
the logs. I have searched around and could not find an answer. Its been
showing up in xrdp.log since i installed xrdp. It seems to appear only when
i xrdp to the server. The IP is some ip at Vodaphone Milan Italy. Here’s a
excerpt of the xrdp.log, (My ip address xxx.xxx.xxx.xxx)
[20131105-05:31:58] [INFO ] An established connection closed to endpoint:
127.0.0.1:3350 – socket: 11
[20131105-05:31:58] [INFO ] The following channel is allowed: cliprdr (0)
[20131105-05:31:58] [INFO ] The following channel is allowed: rdpsnd (1)
[20131105-05:31:58] [INFO ] This channel is disabled (not in List): snddbg
[20131105-05:31:58] [INFO ] The following channel is not allowed: snddbg (2)
[20131105-05:31:58] [DEBUG] The allow channel list now initialized for this
session
[20131105-05:32:22] [INFO ] An established connection closed to endpoint:
xxx.xxx.xxx.xxx:56981 – socket: 8
[20131105-05:32:22] [DEBUG] xrdp_mm_module_cleanup
[20131105-05:32:22] [INFO ] An established connection closed to endpoint:
109.112.47.46:12148 – socket: 12
[20131105-05:32:22] [INFO ] An established connection closed to endpoint:
109.112.47.46:12148 – socket: 13
[20131105-05:32:38] [INFO ] A connection received from: xxx.xxx.xxx.xxx
port 56982
[20131105-05:32:38] [INFO ] An established connection closed to endpoint:
xxx.xxx.xxx.xxx:56982 – socket: 8
[20131105-05:32:38] [INFO ] An established connection closed to endpoint:
NULL:NULL – socket: 7
[20131105-05:32:38] [DEBUG] MCS_CJRQ – channel join request received
[20131105-05:32:38] [DEBUG] MCS_CJRQ – channel join request received
[20131105-05:32:38] [DEBUG] MCS_CJRQ – channel join request received
[20131105-05:32:38] [DEBUG] xrdp_000035e6_wm_login_mode_event_00000001
[20131105-05:32:38] [WARN ] local keymap file for 0×0409 found and dosen’t
match built in keymap, using local keymap file
[20131105-05:32:50] [DEBUG] returnvalue from xrdp_mm_connect 0
[20131105-05:32:50] [DEBUG] xrdp_mm_connect_chansrv: chansrvconnect
successful
[20131105-05:32:50] [INFO ] An established connection closed to endpoint:
127.0.0.1:3350 – socket: 11
[20131105-05:32:51] [INFO ] The following channel is allowed: cliprdr (0)
[20131105-05:32:51] [INFO ] The following channel is allowed: rdpsnd (1)
[20131105-05:32:51] [INFO ] This channel is disabled (not in List): snddbg
[20131105-05:32:51] [INFO ] The following channel is not allowed: snddbg (2)
[20131105-05:32:51] [DEBUG] The allow channel list now initialized for this
session
[20131105-06:13:01] [INFO ] An established connection closed to endpoint:
109.112.47.46:12148 – socket: 13
[20131105-06:13:01] [INFO ] An established connection closed to endpoint:
xxx.xxx.xxx.xxx:56982 – socket: 8
[20131105-06:13:02] [DEBUG] xrdp_mm_module_cleanup
[20131105-06:13:02] [INFO ] An established connection closed to endpoint:
109.112.47.46:12148 – socket: 12
[20131105-06:29:06] [INFO ] An established connection closed to endpoint:
NULL:NULL – socket: 7
===========================================================================
A quick search reveals that someone asked here;
http://sourceforge.net/p/xrdp/discussion/389417/thread/e8fb6b34/
And another person also noted this on my blog here;
http://scarygliders.net/2013/07/25/x11rdp-o-matic-version-3-now-released/comment-page-1/#comment-5187
I'm also curious as to where that IP address is coming from, and why that
behaviour?
Anyone have any clues?
Regards
Kevin Cave
http://scarygliders.net
------------------------------------------------------------------------------
November Webinars for C, C++, Fortran Developers
Accelerate application performance with scalable programming models. Explore
techniques for threading, error checking, porting, and tuning. Get the most
from the latest Intel processors and coprocessors. See abstracts and register
http://pubads.g.doubleclick.net/gampad/clk?id=60136231&iu=/4140/ostg.clktrk
_______________________________________________
xrdp-devel mailing list
xrdp-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xrdp-devel
