Solved

History of VNC client connections

Posted on 2006-06-12
7
1,739 Views
Last Modified: 2008-03-10
I recently had someone connect to my computer via VNC - it is password protected and only I know the password.  I shut down the ability to access from the outside (which really stinks because now I can't).  So here are my questions:
1.  Can you view a history of IP addresses that have connected?
2.  How would someone have found my ip address to connect to via VNC and gotten my password?

Thanks for your help.
Joe
0
Comment
Question by:joemckamey
7 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 16886893
Powned

Strong passwords are your first best defense against a malicious user gaining access to your systems.

What type of VPN are you using? hardware? software? combination of the two?

IP addresses are scanned daily for vulnerabilities or responses on popular ports. Like the VPN port you may have been using.
0
 
LVL 10

Assisted Solution

by:Sorenson
Sorenson earned 300 total points
ID: 16886942
VNC history is only available if the logging is turned on, and then only if the client version supports it.  I would suggest, at minimum, changing the default vnc ports to something commonly used by another remote software.. ie:  change vnc to listen on tcp 5631 which is normally used by pcanywhere.  This will keep 90% of the scripts out there from connecting and automating a hack against your vnc.  if you know the day / time of the connection I would also search for any other files modified / created at that time and investigate them all.  Run antivirus, antispyware, keylog detectors, and root kit revealer to make sure another part of your machine hasnt been compromised... of course the safest way is to wipe it and start over.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 16886968
Your password could be found by installing some sort of Trojan, virus, malware etc.


It is possible that you may have access your machine from some Cyber Cafe, or any other public computer, or may be from computer of someone known.

On that machine, was installed the keylogger. It logged the IP address and password of your machine.

When the person checked the logs, he found out that you have installed VNC and which public IP and what is the password.

Just change the password for now and see it this guy is able to connect again.

And make sure, you do not connect using VNC from public computers.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 

Author Comment

by:joemckamey
ID: 16886981
I am using a pretty good password.  Had the port open on my VPN router - kinda unsecure I know.  Would it be possible to change to a different port and that help?

What software VPN would you suggest?  We use a SOHO Watchguard for hardware.

Thanks so much!

Joe
0
 
LVL 10

Assisted Solution

by:Sorenson
Sorenson earned 300 total points
ID: 16887045
I would suggest securevnc or tridia  http://sourceforge.net/projects/securevnc/  or http://www.tridiavnc.com/
read docs with them to change listening ports.  Firewall doesnt matter much, it is not a lot of security (hiding the port), but like I mentioned before, it will prevent the automated scripts from finding it.

I would not bother doing anything until you are certain that the pc is clean.  in addition to what I mentioned above download active ports (do a google search on it) and look for anything on your computer that is communicating or listening that you do not recognize
0
 
LVL 10

Accepted Solution

by:
snerkel earned 200 total points
ID: 16889959
Standard flavours of VNC aren't heavy on security, many use plain text for password exchange.

I would run VNC through a secure VPN tunnel, Microsoft VPN is easy to setup, but I believe is not as secure as it might be (its a lot more secure than VNC).

Better still run openvpn http://openvpn.net/ its more difficult to setup but uses certificates and seems to be very secure.

For Microsoft VPN setup see http://www.tech24.arce.co.uk/vpn.htm
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 16893105
1) vnc doesn't leave a msg in the eventlog however dameware does
2) if the vnc server is running it leaves ports open which anyone can ping against, and are widely known

if this is on a network, then the admin probably has a machine pswd assigned whereas you have a user pswd assigned - vnc has two sets of settings: default prop's (user) & default server prop's (machine)

if the machine settings weren't set but the user settings were then the pswd is blank
0

Featured Post

Free camera licenses with purchase of My Cloud NAS

Milestone Arcus software is compatible with thousands of industry-leading cameras for added flexibility. Upon installation on your My Cloud NAS, you will receive two (2) camera licenses already enabled in the software. And for a limited time, get additional camera licenses FREE.

Join & Write a Comment

Suggested Solutions

Some time ago I was asked to set up a web portal PC to put at our entrance. When customers arrive, they could see a webpage 'promoting' our company. So I tried to set up a windows 7 PC as a kiosk PC.......... I will spare you all the annoyances I…
Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now