That's weird. Googling the IP leads to questions regarding the IP used in
other software:

http://marc.info/?l=secure-shell&m=88561415717174
https://groups.google.com/forum/#!msg/alt.os.linux.debian/xxOoNaYmtEY/Ow7PLI7EWO0J

Same IP, same port.

Cheers,
Daniel




2013/11/6 Kevin Cave <ke...@scarygliders.net>

> A user of my X11rdp-o-Matic build tool asked something on my blog as
> follows...
> ======================================================
>
> Hi Kevin,
>
> I am concerned about the following logs that keep appearing in xrdp.log
> file. An IP of 109.112.47.46 tries to connect to xrdp whenever I try to
> connect. It does not appear to be in any other logs, the firewall on the
> router and server are locked up tight. Considering that the NSA has their
> hands in everything I’m a bit suspicious on anything weird showing up in
> the logs. I have searched around and could not find an answer. It’s been
> showing up in xrdp.log since I installed xrdp. It seems to appear only when
> I xrdp to the server. The IP is some IP at Vodafone Milan Italy. Here’s an
> excerpt of the xrdp.log, (My IP address xxx.xxx.xxx.xxx)
>
> [20131105-05:31:58] [INFO ] An established connection closed to endpoint:
> 127.0.0.1:3350 – socket: 11
> [20131105-05:31:58] [INFO ] The following channel is allowed: cliprdr (0)
> [20131105-05:31:58] [INFO ] The following channel is allowed: rdpsnd (1)
> [20131105-05:31:58] [INFO ] This channel is disabled (not in List): snddbg
> [20131105-05:31:58] [INFO ] The following channel is not allowed: snddbg
> (2)
> [20131105-05:31:58] [DEBUG] The allow channel list now initialized for
> this session
> [20131105-05:32:22] [INFO ] An established connection closed to endpoint:
> xxx.xxx.xxx.xxx:56981 – socket: 8
> [20131105-05:32:22] [DEBUG] xrdp_mm_module_cleanup
> [20131105-05:32:22] [INFO ] An established connection closed to endpoint:
> 109.112.47.46:12148 – socket: 12
> [20131105-05:32:22] [INFO ] An established connection closed to endpoint:
> 109.112.47.46:12148 – socket: 13
> [20131105-05:32:38] [INFO ] A connection received from: xxx.xxx.xxx.xxx
> port 56982
> [20131105-05:32:38] [INFO ] An established connection closed to endpoint:
> xxx.xxx.xxx.xxx:56982 – socket: 8
> [20131105-05:32:38] [INFO ] An established connection closed to endpoint:
> NULL:NULL – socket: 7
> [20131105-05:32:38] [DEBUG] MCS_CJRQ – channel join request received
> [20131105-05:32:38] [DEBUG] MCS_CJRQ – channel join request received
> [20131105-05:32:38] [DEBUG] MCS_CJRQ – channel join request received
> [20131105-05:32:38] [DEBUG] xrdp_000035e6_wm_login_mode_event_00000001
> [20131105-05:32:38] [WARN ] local keymap file for 0x0409 found and dosen’t
> match built in keymap, using local keymap file
> [20131105-05:32:50] [DEBUG] returnvalue from xrdp_mm_connect 0
> [20131105-05:32:50] [DEBUG] xrdp_mm_connect_chansrv: chansrvconnect
> successful
> [20131105-05:32:50] [INFO ] An established connection closed to endpoint:
> 127.0.0.1:3350 – socket: 11
> [20131105-05:32:51] [INFO ] The following channel is allowed: cliprdr (0)
> [20131105-05:32:51] [INFO ] The following channel is allowed: rdpsnd (1)
> [20131105-05:32:51] [INFO ] This channel is disabled (not in List): snddbg
> [20131105-05:32:51] [INFO ] The following channel is not allowed: snddbg
> (2)
> [20131105-05:32:51] [DEBUG] The allow channel list now initialized for
> this session
> [20131105-06:13:01] [INFO ] An established connection closed to endpoint:
> 109.112.47.46:12148 – socket: 13
> [20131105-06:13:01] [INFO ] An established connection closed to endpoint:
> xxx.xxx.xxx.xxx:56982 – socket: 8
> [20131105-06:13:02] [DEBUG] xrdp_mm_module_cleanup
> [20131105-06:13:02] [INFO ] An established connection closed to endpoint:
> 109.112.47.46:12148 – socket: 12
> [20131105-06:29:06] [INFO ] An established connection closed to endpoint:
> NULL:NULL – socket: 7
>
> ===========================================================================
>
>
> A quick search reveals that someone asked here;
>
> http://sourceforge.net/p/xrdp/discussion/389417/thread/e8fb6b34/
>
>
> And another person also noted this on my blog here;
>
>
> http://scarygliders.net/2013/07/25/x11rdp-o-matic-version-3-now-released/comment-page-1/#comment-5187
>
> I'm also curious as to where that IP address is coming from, and why that
> behaviour?
>
> Anyone have any clues?
>
> Regards
>
> Kevin Cave
>
> http://scarygliders.net
>
>
> _______________________________________________
> xrdp-devel mailing list
> xrdp-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/xrdp-devel
>
>
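A triage check for the pattern in the quoted log, as an added example that is not part of the original thread or of xrdp: it lists endpoints that xrdp.log reports as closed but whose address never appears in a "connection received" line. The sample lines are constructed in the excerpt's format (unwrapped, with the redacted client address replaced by the documentation address 192.0.2.10), and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the quoted excerpt (not a real capture).
SAMPLE_LOG = """\
[20131105-05:32:22] [INFO ] An established connection closed to endpoint: 192.0.2.10:56981 - socket: 8
[20131105-05:32:22] [INFO ] An established connection closed to endpoint: 109.112.47.46:12148 - socket: 12
[20131105-05:32:22] [INFO ] An established connection closed to endpoint: 109.112.47.46:12148 - socket: 13
[20131105-05:32:38] [INFO ] A connection received from: 192.0.2.10 port 56982
[20131105-05:32:38] [INFO ] An established connection closed to endpoint: 192.0.2.10:56982 - socket: 8
[20131105-05:32:38] [INFO ] An established connection closed to endpoint: NULL:NULL - socket: 7
[20131105-05:32:50] [INFO ] An established connection closed to endpoint: 127.0.0.1:3350 - socket: 11
[20131105-06:13:01] [INFO ] An established connection closed to endpoint: 109.112.47.46:12148 - socket: 13
"""

RECEIVED = re.compile(r"A connection received from: (\S+) port (\d+)")
# "\S" before "socket" accepts both "-" and the typographic dash a blog may substitute.
CLOSED = re.compile(r"connection closed to endpoint: (\S+):(\S+) \S socket: (\d+)")

# Addresses expected to close without an accept record (sesman/chansrv, unset peer).
LOCAL = {"127.0.0.1", "NULL"}


def unmatched_closes(log_text):
    """Return {(addr, port): [socket numbers]} for endpoints logged as closed
    whose address never appears in any 'connection received' line."""
    accepted_addrs = set()
    closed = defaultdict(list)
    for line in log_text.splitlines():
        m = RECEIVED.search(line)
        if m:
            accepted_addrs.add(m.group(1))
            continue
        m = CLOSED.search(line)
        if m:
            closed[(m.group(1), m.group(2))].append(int(m.group(3)))
    return {ep: socks for ep, socks in closed.items()
            if ep[0] not in accepted_addrs and ep[0] not in LOCAL}


if __name__ == "__main__":
    for (addr, port), socks in unmatched_closes(SAMPLE_LOG).items():
        print(f"{addr}:{port} closed on sockets {socks} with no accept record")
```

An endpoint reported here has no accept record in the log itself, so compare it against live socket state (for example `ss -tn`) or a packet capture before treating it as real network traffic.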