Solved

History of VNC client connections

Posted on 2006-06-12
7
1,766 Views
Last Modified: 2008-03-10
I recently had someone connect to my computer via VNC - it is password protected and only I know the password.  I shut down the ability to access from the outside (which really stinks because now I can't).  So here are my questions:
1.  Can you view a history of IP addresses that have connected?
2.  How would someone have found my ip address to connect to via VNC and gotten my password?

Thanks for your help.
Joe
0
Comment
Question by:joemckamey
7 Comments
 
LVL 7

Expert Comment

by:ieden
ID: 16886893
Powned

Strong passwords are your first best defense against a malicious user gaining access to your systems.

What type of VPN are you using? hardware? software? combination of the two?

IP addresses are scanned daily for vulnerabilities or responses on popular ports. Like the VPN port you may have been using.
0
 
LVL 10

Assisted Solution

by:Sorenson
Sorenson earned 300 total points
ID: 16886942
VNC history is only available if the logging is turned on, and then only if the client version supports it.  I would suggest, at minimum, changing the default vnc ports to something commonly used by another remote software.. ie:  change vnc to listen on tcp 5631 which is normally used by pcanywhere.  This will keep 90% of the scripts out there from connecting and automating a hack against your vnc.  if you know the day / time of the connection I would also search for any other files modified / created at that time and investigate them all.  Run antivirus, antispyware, keylog detectors, and root kit revealer to make sure another part of your machine hasnt been compromised... of course the safest way is to wipe it and start over.

0
 
LVL 13

Expert Comment

by:prashsax
ID: 16886968
Your password could be found by installing some sort of Trojan, virus, malware etc.


It is possible that you may have access your machine from some Cyber Cafe, or any other public computer, or may be from computer of someone known.

On that machine, was installed the keylogger. It logged the IP address and password of your machine.

When the person checked the logs, he found out that you have installed VNC and which public IP and what is the password.

Just change the password for now and see it this guy is able to connect again.

And make sure, you do not connect using VNC from public computers.
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:joemckamey
ID: 16886981
I am using a pretty good password.  Had the port open on my VPN router - kinda unsecure I know.  Would it be possible to change to a different port and that help?

What software VPN would you suggest?  We use a SOHO Watchguard for hardware.

Thanks so much!

Joe
0
 
LVL 10

Assisted Solution

by:Sorenson
Sorenson earned 300 total points
ID: 16887045
I would suggest securevnc or tridia  http://sourceforge.net/projects/securevnc/  or http://www.tridiavnc.com/
read docs with them to change listening ports.  Firewall doesnt matter much, it is not a lot of security (hiding the port), but like I mentioned before, it will prevent the automated scripts from finding it.

I would not bother doing anything until you are certain that the pc is clean.  in addition to what I mentioned above download active ports (do a google search on it) and look for anything on your computer that is communicating or listening that you do not recognize
0
 
LVL 10

Accepted Solution

by:
snerkel earned 200 total points
ID: 16889959
Standard flavours of VNC aren't heavy on security, many use plain text for password exchange.

I would run VNC through a secure VPN tunnel, Microsoft VPN is easy to setup, but I believe is not as secure as it might be (its a lot more secure than VNC).

Better still run openvpn http://openvpn.net/ its more difficult to setup but uses certificates and seems to be very secure.

For Microsoft VPN setup see http://www.tech24.arce.co.uk/vpn.htm
0
 
LVL 14

Expert Comment

by:FriarTuk
ID: 16893105
1) vnc doesn't leave a msg in the eventlog however dameware does
2) if the vnc server is running it leaves ports open which anyone can ping against, and are widely known

if this is on a network, then the admin probably has a machine pswd assigned whereas you have a user pswd assigned - vnc has two sets of settings: default prop's (user) & default server prop's (machine)

if the machine settings weren't set but the user settings were then the pswd is blank
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Monitor bandwidth 3 82
Super Scope, DHCP 5 50
HSRP not working on N7K-c7018 3 41
ssh setup on Cisco swith 11 43
Don’t let your business fall victim to the coming apocalypse – use our Survival Guide for the Fax Apocalypse to identify the risks and signs of zombie fax activities at your business.
For many of us, the  holiday season kindles the natural urge to give back to our friends, family members and communities. While it's easy for friends to notice the impact of such deeds, understanding the contributions of businesses and enterprises i…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now