[K12OSN] xdmcp port number changed

cisna-barry at wc235.k12.il.us
Fri Sep 29 14:56:59 UTC 2006


Hello list,

On one of our K12LTSP servers (v 4.1), when doing
tail -f /var/log/messages I am getting "tftp connection refused ack(4),,,something else..."
When I do a <netstat -a | grep xdmcp> I am getting <upd 110400 0 *:xdmcp
*.*>
where the "110400" SHOULD be a 0 (zero).
I have also found that the "john" rootkit has gotten onto this
server.. :( ..bummer!
When the client machines boot from this server I get a bootup that
eventually dies in a kernel panic (never see even a gray background with
X).
From a hard drive machine, when trying to VNC to it, I get a black
background with a black "X".
I've tried Googling but can't really find out how to troubleshoot the xdmcp
port being shown as the 110400???
When I do a <netstat -a | grep tftp> I get the correct results from the
command.
Also, when I try to ssh to this server I get the "add the RSA keys for
this server to your local server" and press enter, and I never get an
actual connection/login to this server.
I'm guessing the file perms have gotten clobbered by the John rootkit :(.
I can of course log in to the console server no probs, but this does seem
to take much longer than normal to get the desktop to show?
Probably the best/quickest way is to reformat the server?
Can anyone give me a 1. - 2. - 3. howto on a resolve?

Thank You,

Barry Cisna



