[K12OSN] xdmcp port number changed

Jim McQuillan jam at mcquil.com
Fri Sep 29 15:15:08 UTC 2006


On Fri, September 29, 2006 10:56 am, cisna-barry at wc235.k12.il.us wrote:
> Hello list,
>
> On one of our K12LTSP servers ( v 4.1). i am getting when doing
> tail -f /var/log/messages "tftp connection refused ack(4),,,something
> else...
> When i do a <netstat -a | grep xdmcp > i am getting <upd 110400 0 *:xdmcp
> *.*>
> were the "110400" SHOULD be a 0(zero).
> I have also found on this server the " john" rootkit has gotten onto
> it..:(..bummer!
> when the client machines boot from this server i get a bootup,,that
> eventually dies in a kernel panic( never see even a gray background with
> X).
>>From a hard drive machine when trying to VNC to it,, i get a black
> background with a  black "X".
> Ive tried Googling but cant really find out hot to troubleshoot the xdmcp
> port being shown as the 110400???


The 110400 is NOT the port number.

When you did the 'netstat', you forgot the 'n' argument which tells
netstat to show numbers instead of names.  So, your output of netstat is
showing '*:xdmcp'.  if you had done 'netstat -an', you'd see  '*:177'
instead.

The 110400 is the number of bytes in the Recieve queue for that port.

it means that someone (or some host on the network) has sent 110400 bytes
to your server, but the display manager hasn't processed them yet.


Still, I can't explain why your users can't log in.

Jim McQuillan
jam at Ltsp.org







> when i do a  <netstat -a | grep tftp> i get the correct results,from the
> command.
> Also when i try and ssh to this server i get the " add the RSA keys for
> this server to your local server" and press enter,,and i never get an
> actual connection/login to this server.
> Im guessing the file perms have gotten clobber by John rootkit:(.
> I can of course login into the console server no probs but this does seem
> to take much longer than normal to get the desktop to show?
> Probably best/quickiest way is to reformat server?
> Can anyone give me a 1. - 2. - 3.  howto,, on a reslove?
>
> Thank You,
>
> Barry Cisna
>
> _______________________________________________
> K12OSN mailing list
> K12OSN at redhat.com
> https://www.redhat.com/mailman/listinfo/k12osn
> For more info see <http://www.k12os.org>
>





More information about the K12OSN mailing list