Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2403
  • Last Modified:

History of VNC client connections

I recently had someone connect to my computer via VNC - it is password protected and only I know the password.  I shut down the ability to access from the outside (which really stinks because now I can't).  So here are my questions:
1.  Can you view a history of IP addresses that have connected?
2.  How would someone have found my ip address to connect to via VNC and gotten my password?

Thanks for your help.
Joe
0
joemckamey
Asked:
joemckamey
3 Solutions
 
iedenCommented:
Powned

Strong passwords are your first best defense against a malicious user gaining access to your systems.

What type of VPN are you using? hardware? software? combination of the two?

IP addresses are scanned daily for vulnerabilities or responses on popular ports. Like the VPN port you may have been using.
0
 
SorensonCommented:
VNC history is only available if the logging is turned on, and then only if the client version supports it.  I would suggest, at minimum, changing the default vnc ports to something commonly used by another remote software.. ie:  change vnc to listen on tcp 5631 which is normally used by pcanywhere.  This will keep 90% of the scripts out there from connecting and automating a hack against your vnc.  if you know the day / time of the connection I would also search for any other files modified / created at that time and investigate them all.  Run antivirus, antispyware, keylog detectors, and root kit revealer to make sure another part of your machine hasnt been compromised... of course the safest way is to wipe it and start over.

0
 
prashsaxCommented:
Your password could be found by installing some sort of Trojan, virus, malware etc.


It is possible that you may have access your machine from some Cyber Cafe, or any other public computer, or may be from computer of someone known.

On that machine, was installed the keylogger. It logged the IP address and password of your machine.

When the person checked the logs, he found out that you have installed VNC and which public IP and what is the password.

Just change the password for now and see it this guy is able to connect again.

And make sure, you do not connect using VNC from public computers.
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
joemckameyGeneral ManagerAuthor Commented:
I am using a pretty good password.  Had the port open on my VPN router - kinda unsecure I know.  Would it be possible to change to a different port and that help?

What software VPN would you suggest?  We use a SOHO Watchguard for hardware.

Thanks so much!

Joe
0
 
SorensonCommented:
I would suggest securevnc or tridia  http://sourceforge.net/projects/securevnc/  or http://www.tridiavnc.com/
read docs with them to change listening ports.  Firewall doesnt matter much, it is not a lot of security (hiding the port), but like I mentioned before, it will prevent the automated scripts from finding it.

I would not bother doing anything until you are certain that the pc is clean.  in addition to what I mentioned above download active ports (do a google search on it) and look for anything on your computer that is communicating or listening that you do not recognize
0
 
snerkelCommented:
Standard flavours of VNC aren't heavy on security, many use plain text for password exchange.

I would run VNC through a secure VPN tunnel, Microsoft VPN is easy to setup, but I believe is not as secure as it might be (its a lot more secure than VNC).

Better still run openvpn http://openvpn.net/ its more difficult to setup but uses certificates and seems to be very secure.

For Microsoft VPN setup see http://www.tech24.arce.co.uk/vpn.htm
0
 
FriarTukCommented:
1) vnc doesn't leave a msg in the eventlog however dameware does
2) if the vnc server is running it leaves ports open which anyone can ping against, and are widely known

if this is on a network, then the admin probably has a machine pswd assigned whereas you have a user pswd assigned - vnc has two sets of settings: default prop's (user) & default server prop's (machine)

if the machine settings weren't set but the user settings were then the pswd is blank
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now