X windows server connected by an Italian host
Posted: Fri Feb 25, 2011 3:14 am
When I was checking why the server had a slower response time, I found port 6000 was connected from an Italian host:

Code:
/%portn 6000
*.6000 *.* 0 0 49152 0 LISTEN
192.168.1.225.6000 217.133.242.195.37815 5888 0 49248 0 CLOSE_WAIT
192.168.1.225.6000 217.133.242.195.52053 5888 0 49248 0 ESTABLISHED
*.6000 *.* 0 0 49152 0 LISTEN
/%port 6000
*.6000 *.* 0 0 49152 0 LISTEN
hsiao.net.6000 static-217-133-242-195.clienti.tiscali.it.37815 5888 0 49248 0 CLOSE_WAIT
hsiao.net.6000 static-217-133-242-195.clienti.tiscali.it.52053 5888 0 49248 0 ESTABLISHED
*.6000 *.* 0 0 49152 0 LISTEN

I tried to find a process that this socket was using but I couldn't find any activities on port 6000.
I had to check the X server.

Code:
/%fd X
root 592 1 0 Oct 19 ? 0:00 /usr/lib/dmi/snmpXdmid -s solaris
root 656 654 0 Oct 19 ? 37:07 /usr/X11/bin/Xorg :0 -depth 24 -nobanner -auth /var/dt/A:0-4BaWrb
root 1375 1 0 Oct 19 ? 0:00 /usr/lib/dmi/snmpXdmid -s badmintonequipments
root 1473 1 0 Oct 19 ? 0:00 /usr/lib/dmi/snmpXdmid -s geminitwins.net
/%fd 654
root 655 654 0 Oct 19 ?? 0:00 /usr/openwin/bin/fbconsole -n -d :0
root 681 654 0 Oct 19 ? 0:00 /usr/dt/bin/dtlogin -daemon
root 656 654 0 Oct 19 ? 37:07 /usr/X11/bin/Xorg :0 -depth 24 -nobanner -auth /var/dt/A:0-4BaWrb
root 654 1 0 Oct 19 ? 0:00 /usr/dt/bin/dtlogin -daemon
/%ucbfd 656
656 ? S 37:07 /usr/X11/bin/Xorg :0 -depth 24 -nobanner -auth /var/dt/A:0-4BaWrb

I then killed the PID 656 Xorg process. Once I killed it, the above X server sockets were closed:

Code:
/%portn 6000
192.168.1.225.6000 217.133.242.195.37815 5888 0 49248 0 LAST_ACK
192.168.1.225.6000 217.133.242.195.52053 5888 0 49248 0 FIN_WAIT_1

Eventually, they disappeared.
After a little while, I restarted the X server by issuing the following command:
/%/usr/X11/bin/Xorg :0 -depth 24 -nobanner -auth /var/dt/A:0-4BaWrb &
and the output:

Code:
X Window System Version 7.2.0
Release Date: 22 January 2007
X Protocol Version 11, Revision 0, Release 7.2
Build Operating System: SunOS 5.10 Generic i86pc
Current Operating System: SunOS solaris 5.10 Generic_120012-14 i86pc
Build Date: 01 June 2007
Solaris ABI: 32-bit
SUNWxorg-server package version: 6.8.0.5.10.7400,REV=0.2004.12.15
SUNWxorg-server patches applied: 125720-10
SUNWxorg-graphics-ddx package version: 6.8.0.5.10.7400,REV=0.2004.12.15
SUNWxorg-graphics-ddx patches applied: 125720-10
SUNWxorg-mesa package version: 6.8.2.5.10.0113,REV=0.2005.08.02
SUNWxorg-mesa patches applied: 125720-10 125724-01
Before reporting problems, check http://sunsolve.sun.com/
to make sure that you have the latest version.
Module Loader present
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: "/var/log/Xorg.0.log", Time: Fri Feb 25 03:02:21 2011
(EE) Unable to locate/open config file
New driver is "via"
(==) Using default built-in configuration (57 lines)
(EE) Failed to load module "dri" (module does not exist, 0)
(EE) Failed to load module "xtsol" (module does not exist, 0)
(EE) Failed to load module "fbdev" (module does not exist, 0)
The XKEYBOARD keymap compiler (xkbcomp) reports:
> Error: Mode_switch added to symbol map for multiple modifiers
> Using Mod2, ignoring Mod3.
> Warning: Symbol map for key <KPEQ> redefined
> Using last definition for conflicting fields
Errors from xkbcomp are not fatal to the X server
/etc/init.d%fd X
root 592 1 0 Oct 19 ? 0:00 /usr/lib/dmi/snmpXdmid -s solaris
root 1375 1 0 Oct 19 ? 0:00 /usr/lib/dmi/snmpXdmid -s badmintonequipments
root 1473 1 0 Oct 19 ? 0:00 /usr/lib/dmi/snmpXdmid -s geminitwins.net
root 28214 27791 1 03:02:21 ? 0:00 /usr/X11/bin/Xorg :0 -depth 24 -nobanner -auth /var/dt/A:0-4BaWrb

I still wonder how people connect to hsiao.net's X server.
/etc/hosts.deny literally denies ALL connections except those in /etc/hosts.allow (FTP, TELNET, SSH and MYSQL).
Need to investigate further.....
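
An added example, not part of the original post: a Python check over `netstat -an` output in the Solaris `address.port` layout shown above. It reports X11 displays listening on all interfaces and any peers outside a trusted list connected to ports 6000-6063. The function names, the `trusted` parameter and its loopback-only default are assumptions of this example; the sample lines are the numeric ones from the post.

```python
import ipaddress

X11_PORTS = range(6000, 6064)  # display :N listens on TCP port 6000+N

# The three numeric netstat lines from the post (local, remote, ..., state).
SAMPLE = """\
*.6000 *.* 0 0 49152 0 LISTEN
192.168.1.225.6000 217.133.242.195.37815 5888 0 49248 0 CLOSE_WAIT
192.168.1.225.6000 217.133.242.195.52053 5888 0 49248 0 ESTABLISHED
"""

def split_addr(field):
    """Split Solaris 'host.port' (port follows the last dot) into (host, port)."""
    host, _, port = field.rpartition(".")
    return host, port

def audit_x11(netstat_text, trusted=("127.0.0.0/8",)):
    """Return (displays listening on every interface, untrusted peer connections)."""
    nets = [ipaddress.ip_network(n) for n in trusted]
    wildcard_displays, remote_peers = set(), []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        lhost, lport = split_addr(fields[0])
        rhost, rport = split_addr(fields[1])
        state = fields[-1]
        if not lport.isdigit() or int(lport) not in X11_PORTS:
            continue  # not an X11 display port
        display = int(lport) - 6000
        if state == "LISTEN":
            if lhost == "*":
                wildcard_displays.add(display)  # reachable on all interfaces
            continue
        try:
            peer = ipaddress.ip_address(rhost)
        except ValueError:
            continue  # resolved hostname; feed numeric (-n) output instead
        if rport.isdigit() and not any(peer in net for net in nets):
            remote_peers.append((display, str(peer), int(rport), state))
    return sorted(wildcard_displays), remote_peers

if __name__ == "__main__":
    displays, peers = audit_x11(SAMPLE)
    print("displays listening on all interfaces:", displays)
    for display, ip, port, state in peers:
        print(f"display :{display} <- {ip}:{port} ({state})")
```

A non-empty first result means Xorg is accepting TCP connections on every interface; starting it with `-nolisten tcp` closes that listener.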