?
Solved

History of VNC client connections

Posted on 2006-06-12
7
Medium Priority
?
1,997 Views
Last Modified: 2008-03-10
I recently had someone connect to my computer via VNC - it is password protected and only I know the password.  I shut down the ability to access from the outside (which really stinks because now I can't).  So here are my questions:
1.  Can you view a history of IP addresses that have connected?
2.  How would someone have found my ip address to connect to via VNC and gotten my password?

Thanks for your help.
Joe
0
Comment
Question by:joemckamey
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 16886893
Powned

Strong passwords are your first best defense against a malicious user gaining access to your systems.

What type of VPN are you using? hardware? software? combination of the two?

IP addresses are scanned daily for vulnerabilities or responses on popular ports. Like the VPN port you may have been using.
0
 
LVL 10

Assisted Solution

by:Sorenson
Sorenson earned 900 total points
ID: 16886942
VNC history is only available if the logging is turned on, and then only if the client version supports it.  I would suggest, at minimum, changing the default vnc ports to something commonly used by another remote software.. ie:  change vnc to listen on tcp 5631 which is normally used by pcanywhere.  This will keep 90% of the scripts out there from connecting and automating a hack against your vnc.  if you know the day / time of the connection I would also search for any other files modified / created at that time and investigate them all.  Run antivirus, antispyware, keylog detectors, and root kit revealer to make sure another part of your machine hasnt been compromised... of course the safest way is to wipe it and start over.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 16886968
Your password could be found by installing some sort of Trojan, virus, malware etc.


It is possible that you may have access your machine from some Cyber Cafe, or any other public computer, or may be from computer of someone known.

On that machine, was installed the keylogger. It logged the IP address and password of your machine.

When the person checked the logs, he found out that you have installed VNC and which public IP and what is the password.

Just change the password for now and see it this guy is able to connect again.

And make sure, you do not connect using VNC from public computers.
0
Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

 

Author Comment

by:joemckamey
ID: 16886981
I am using a pretty good password.  Had the port open on my VPN router - kinda unsecure I know.  Would it be possible to change to a different port and that help?

What software VPN would you suggest?  We use a SOHO Watchguard for hardware.

Thanks so much!

Joe
0
 
LVL 10

Assisted Solution

by:Sorenson
Sorenson earned 900 total points
ID: 16887045
I would suggest securevnc or tridia  http://sourceforge.net/projects/securevnc/  or http://www.tridiavnc.com/
read docs with them to change listening ports.  Firewall doesnt matter much, it is not a lot of security (hiding the port), but like I mentioned before, it will prevent the automated scripts from finding it.

I would not bother doing anything until you are certain that the pc is clean.  in addition to what I mentioned above download active ports (do a google search on it) and look for anything on your computer that is communicating or listening that you do not recognize
0
 
LVL 10

Accepted Solution

by:
snerkel earned 600 total points
ID: 16889959
Standard flavours of VNC aren't heavy on security, many use plain text for password exchange.

I would run VNC through a secure VPN tunnel, Microsoft VPN is easy to setup, but I believe is not as secure as it might be (its a lot more secure than VNC).

Better still run openvpn http://openvpn.net/ its more difficult to setup but uses certificates and seems to be very secure.

For Microsoft VPN setup see http://www.tech24.arce.co.uk/vpn.htm
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 16893105
1) vnc doesn't leave a msg in the eventlog however dameware does
2) if the vnc server is running it leaves ports open which anyone can ping against, and are widely known

if this is on a network, then the admin probably has a machine pswd assigned whereas you have a user pswd assigned - vnc has two sets of settings: default prop's (user) & default server prop's (machine)

if the machine settings weren't set but the user settings were then the pswd is blank
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
This month, Experts Exchange’s free Course of the Month is focused on CompTIA IT Fundamentals.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question