CVE-1999-0526 Vulnerability on W2k8 R2

Glynn Clements glynn at gclements.plus.com
Tue Sep 23 20:58:30 PDT 2014


Duane Fish wrote:

> I see nothing in the Add/Remove (or what was once called that), Programs, etc.  

[What follows works for me on a Windows 7 system; the details may be
different on your system, but hopefully shouldn't be too different.]

Start a command prompt as administrator, and use the command

	netstat -a -n -p tcp -o

That should produce a listing of active connections; you're looking
for an entry like:

  TCP    0.0.0.0:6000           0.0.0.0:0              LISTENING       2104

I.e., a TCP socket in the LISTENING state on port 6000 (or possibly a
different value in the range 6000-6010).

The last number (2104 in this case) is the process identifier (PID).

If you don't see such an entry, no X server is running at present.

One may have been bundled as part of another application, and[1] is
started by that application.

[1] Typically, an application which was originally developed for Unix
and has been ported to Windows rather than being re-written; if you
have any applications which don't "feel" much like Windows
applications, these would be prime suspects.

Start the Task Manager (e.g. Control-Shift-Escape), switch to the
Processes tab, and use the "View -> Select Columns ..." menu option to
add a display column for the PID. Look for the process with the
matching PID. Right click on the entry and choose Open File Location
from the menu. This should allow you to determine the filename of the
executable and the directory which contains it. Hopefully that should
provide some clues as to the source, or at least something to google
for.

Alternatively, you may find TCPView simpler:

http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

-- 
Glynn Clements <glynn at gclements.plus.com>
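
The lookup described in the message above (netstat listing, then PID, then executable location) can be done in one pass. This is an added example, not part of the original post; the function name `Find-XServerListener` is hypothetical, and the port range 6000-6010 is the one given in the message. It parses `netstat` output rather than using newer cmdlets so that it also runs on the PowerShell 2.0 shipped with Windows 7 / Server 2008 R2.

```powershell
# Added example: automate the netstat -> PID -> executable lookup.
# Run from an elevated PowerShell prompt.

function Find-XServerListener {
    param(
        [int]$FirstPort = 6000,   # X11 display :0
        [int]$LastPort  = 6010    # upper end of the range named in the message
    )

    # Same command as in the message; -o adds the owning PID as the last column.
    $lines = netstat -a -n -p tcp -o

    foreach ($line in $lines) {
        # Expected columns: Proto  LocalAddress  ForeignAddress  State  PID
        $fields = $line.Trim() -split '\s+'
        if ($fields.Count -ne 5 -or $fields[0] -ne 'TCP' -or $fields[3] -ne 'LISTENING') {
            continue   # header lines, blank lines, non-listening sockets
        }

        # Local address is "addr:port"; the port follows the last colon.
        $local = $fields[1]
        $port  = [int]$local.Substring($local.LastIndexOf(':') + 1)
        if ($port -lt $FirstPort -or $port -gt $LastPort) { continue }

        # Do not name this variable $pid: that is PowerShell's own read-only PID.
        $procId = [int]$fields[4]

        # Win32_Process carries the full image path and command line.
        # $proc is $null if the process exited between the two calls.
        $proc = Get-WmiObject Win32_Process -Filter "ProcessId = $procId"

        New-Object PSObject -Property @{
            LocalAddress   = $local
            Port           = $port
            ProcessId      = $procId
            Name           = $proc.Name
            ExecutablePath = $proc.ExecutablePath
            CommandLine    = $proc.CommandLine
        }
    }
}

Find-XServerListener |
    Select-Object LocalAddress, Port, ProcessId, Name, ExecutablePath, CommandLine |
    Format-List
```

No output means nothing is listening in that port range. A local address of `0.0.0.0` means the listener is reachable on every interface, while `127.0.0.1` means it accepts local connections only.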

