Solved

VNC/port 5900 connection attempt logging in Mac OS 10.7.5?

Posted on 2013-01-17
2
1,131 Views
Last Modified: 2013-01-18
I have an OS X 10.7.5 machine on my home network with the built-in screen sharing turned on. I connect to it from work with the built-in OS X Screen Sharing app, so it's essentially a VNC connection using the default Apple client/server software on the default port 5900.
 
These connections show up in /var/log/secure.log like this:
Jan 15 10:16:41 MyServer screensharingd[7630]: Authentication: SUCCEEDED
Jan 15 10:21:35 MyServer screensharingd[7630]: Authentication: FAILED
 
But when I look at my traffic logs (using PRTG Network Monitor), I see frequent port 5900 connections to that machine that don't correspond with any secure.log entry.
 
Where might those connection attempts be logged? Is there something other than screensharingd that might be handling port 5900 traffic?
0
Comment
Question by:IanJBlackburn
2 Comments
 
LVL 77

Accepted Solution

by:
arnold earned 500 total points
ID: 38792044
These might be a port scan. I.e. sync which is recorded as a connection attempt is actually never completed.
Another discussion on a similar issue
http://forums.macrumors.com/showthread.php?t=1414493
0
 

Author Comment

by:IanJBlackburn
ID: 38793667
Port scan. Of course. That's exactly what it is, thanks.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

iCloud Drive was introduced after iOS 8 was launched last year. This drive is Apple’s online storage device that lets users sync their files and access them from all their Apple devices.   There is a lot of data that is not automatically backed up…
Recently, I read that Microsoft has analysed statistics for their security intelligence report. It revealed: still, the clear majority of windows users do their daily work as administrator. An administrative account is a burden, security-wise. My ar…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question