Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT
Course Of The Month
8 days, 1 hour left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
VNC/port 5900 connection attempt logging in Mac OS 10.7.5?
Posted on 2013-01-17
I have an OS X 10.7.5 machine on my home network with the built-in screen sharing turned on. I connect to it from work with the built-in OS X Screen Sharing app, so it's essentially a VNC connection using the default Apple client/server software on the default port 5900.
These connections show up in /var/log/secure.log like this:
Jan 15 10:16:41 MyServer screensharingd[7630]: Authentication: SUCCEEDED
Jan 15 10:21:35 MyServer screensharingd[7630]: Authentication: FAILED
But when I look at my traffic logs (using PRTG Network Monitor), I see frequent port 5900 connections to that machine that don't correspond with any secure.log entry.
Where might those connection attempts be logged? Is there something other than screensharingd that might be handling port 5900 traffic?
These connections show up in /var/log/secure.log like this:
Jan 15 10:16:41 MyServer screensharingd[7630]: Authentication: SUCCEEDED
Jan 15 10:21:35 MyServer screensharingd[7630]: Authentication: FAILED
But when I look at my traffic logs (using PRTG Network Monitor), I see frequent port 5900 connections to that machine that don't correspond with any secure.log entry.
Where might those connection attempts be logged? Is there something other than screensharingd that might be handling port 5900 traffic?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2 Comments
Active today
These might be a port scan. I.e. sync which is recorded as a connection attempt is actually never completed.
Another discussion on a similar issue
http://forums.macrumors.com/showthread.php?t=1414493
Another discussion on a similar issue
http://forums.macrumors.com/showthread.php?t=1414493
Featured Post
![[Webinar] How Hackers Steal Your Credentials](https://filedb.experts-exchange.com/files/public/2017/5/20/3315d9d8-8110-4d52-be94-a5aacdd83e4b.png)
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY.
How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
iCloud Drive was introduced after iOS 8 was launched last year. This drive is Apple’s online storage device that lets users sync their files and access them from all their Apple devices.
There is a lot of data that is not automatically backed up…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month8 days, 1 hour left to enroll
617 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.