History of VNC client connections
I recently had someone connect to my computer via VNC - it is password protected and only I know the password. I shut down the ability to access from the outside (which really stinks because now I can't). So here are my questions:
1. Can you view a history of IP addresses that have connected?
2. How would someone have found my ip address to connect to via VNC and gotten my password?
Thanks for your help.
Joe
1. Can you view a history of IP addresses that have connected?
2. How would someone have found my ip address to connect to via VNC and gotten my password?
Thanks for your help.
Joe
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Your password could be found by installing some sort of Trojan, virus, malware etc.
It is possible that you may have access your machine from some Cyber Cafe, or any other public computer, or may be from computer of someone known.
On that machine, was installed the keylogger. It logged the IP address and password of your machine.
When the person checked the logs, he found out that you have installed VNC and which public IP and what is the password.
Just change the password for now and see it this guy is able to connect again.
And make sure, you do not connect using VNC from public computers.
It is possible that you may have access your machine from some Cyber Cafe, or any other public computer, or may be from computer of someone known.
On that machine, was installed the keylogger. It logged the IP address and password of your machine.
When the person checked the logs, he found out that you have installed VNC and which public IP and what is the password.
Just change the password for now and see it this guy is able to connect again.
And make sure, you do not connect using VNC from public computers.
ASKER
I am using a pretty good password. Had the port open on my VPN router - kinda unsecure I know. Would it be possible to change to a different port and that help?
What software VPN would you suggest? We use a SOHO Watchguard for hardware.
Thanks so much!
Joe
What software VPN would you suggest? We use a SOHO Watchguard for hardware.
Thanks so much!
Joe
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
1) vnc doesn't leave a msg in the eventlog however dameware does
2) if the vnc server is running it leaves ports open which anyone can ping against, and are widely known
if this is on a network, then the admin probably has a machine pswd assigned whereas you have a user pswd assigned - vnc has two sets of settings: default prop's (user) & default server prop's (machine)
if the machine settings weren't set but the user settings were then the pswd is blank
2) if the vnc server is running it leaves ports open which anyone can ping against, and are widely known
if this is on a network, then the admin probably has a machine pswd assigned whereas you have a user pswd assigned - vnc has two sets of settings: default prop's (user) & default server prop's (machine)
if the machine settings weren't set but the user settings were then the pswd is blank
Strong passwords are your first best defense against a malicious user gaining access to your systems.
What type of VPN are you using? hardware? software? combination of the two?
IP addresses are scanned daily for vulnerabilities or responses on popular ports. Like the VPN port you may have been using.