Re: heads up, folks: random vnc (remote desktop) attempts



On 02/15/2009 05:08 PM, H.S. wrote:
Hi,

A few weeks ago I was helping a friend fix a few quirks with his brand
new machine and Ubuntu install (64 bit, newest version, Jaunty?). So I
asked him to start his remote desktop (VNC) with no password but which
required his permission to let a client connect to his desktop.

He forwarded port 5900 on his router to his machine and all worked well.
I was able to see his desktop successfully.

We did our work and thought nothing about it later.

It turns out that after a few days he noticed some unexplainable IP
address requesting to see his desktop. He knew it was not me. He
immediately denied the request and removed the port forwarding on his
firewall for good measure.

Since then, he just has his SSH port forwarded and I tunnel VNC
connection through it. This is the most secure way I can think of at
present to do this.

Lesson: looks like there are rogue attempts to open a vnc connection on
random IP addresses. This is akin to random attempts at trying to
connect via the SSH port that many people may have noticed in
/var/log/auth.log. So folks, just do not setup your remote desktop
without some sort of security, preferably both password and permission
prompt.

Regards.


As you know by now, 5900 is a well known port that is scanned for
regularly. See some of the previous threads on this, but you can easily
change the port number to make it a little less obvious for script
kiddies etc. if you just need to get in and out briefly.

http://isc.sans.org/port.html?port=5900



--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users



Relevant Pages

  • How did they get past my NAT?
    ... kicked in on my VNC server - my desktop background image disappeared ... this point I panicked and shutdown the VNC service ASAP. ... My question is how the attacker got to my VNC port! ... the internet through the router. ...
    (comp.security.firewalls)
  • heads up, folks: random vnc (remote desktop) attempts
    ... new machine and Ubuntu install. ... immediately denied the request and removed the port forwarding on his ... he just has his SSH port forwarded and I tunnel VNC ... looks like there are rogue attempts to open a vnc connection on ...
    (Ubuntu)
  • Re: VNC behind ISA Server
    ... On what ports VNC uses, please read the following information from VPN ... A VNC server listens on two ports. ... The exact port numbers depend on the VNC ... Microsoft can make no representation concerning ...
    (microsoft.public.windows.server.sbs)
  • How did they get behind my NAT?
    ... this point I panicked and shutdown the VNC service ASAP. ... My question is how the attacker got to my VNC port! ... the internet through the router. ... client connection using local port number 5900 (which was also being ...
    (alt.computer.security)
  • Re: Should I buy an older imac for my Grandma?
    ... a couple of weeks ago I finally got around to putting VNC Server ... At some point I'll probably protect it with SSH. ... Port forwarding port 22 through the router ...
    (comp.sys.mac.system)