
vnc password cracked

  • 08-08-2006 12:32pm
    #1
    Closed Accounts Posts: 2,669 ✭✭✭


    not really asking anything, just letting you guys know...


    i set up vnc on my mediacenter because it has no mouse or keyboard and it's hard to read text off the tv, no password or anything, just set it to only accept local IPs

    anyway last week i was away and the brother texted me to tape something for him, so it got me thinking of the advantages of remote accessing it from the web


    so yesterday i set up a no-ip account, and allowed tcp port 5800 and 5900 through NAT on my bb modem, and set a mild password on vnc, 7 letters and 1 number

    this morning i had an AVG virus warning on the mediacenter's telly

    vnc'ed in and had a look at the event viewer, and pc was vnc'ed into about 5 times from different non-local ip addresses, 3 of them disconnected again immediately, but 2 of them went to start- run and typed in "a website address"\msconfig2.exe. strangely enough from reading the log none of them got refused for entering the wrong password, so it wasn't some sort of brute force cracker

    i'd say it's some sort of virus that's running on a few pcs, checking IP addresses at random

    anyway i since turned off the java server on vnc 5800 and changed the port to something else

    seen a lot of SSH setups, but gonna see if this will do for now


Comments

  • Closed Accounts Posts: 884 ✭✭✭NutJob


    There was an Authentication bypass a few months back for VNC. (now fixed if you update to latest version)

    The passwords stored by realVNC/OpenVnc are weak also but you need to be in the system already to brute-force the stored hash.

    My advice for using this type of software is SSH tunnels or VPN tunnels as they tend to be harder to fingerprint. If you move the port Nmap will still find it if it's set up for poking below the surface.
    I currently use open vnc + hamachi to maintain a PC remotely.

    If you want more info post back
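
The log review from the first post, combined with the bypass mentioned in the reply above, as an added example that is not part of the original thread: it lists logins from non-local addresses and separates those with no failed password attempts from those that followed guessing. The log format, event names and sample lines are constructed for illustration (the addresses are documentation ranges); a real VNC server's event log needs its own parsing.

```python
import ipaddress
import re

# Constructed sample in a hypothetical "date time EVENT ip" format; adapt the
# regex to whatever your VNC server actually writes to the event log.
SAMPLE_LOG = """\
2006-08-07 21:14:02 CONNECT 192.168.1.10
2006-08-07 21:14:05 AUTH_OK 192.168.1.10
2006-08-08 03:41:17 CONNECT 203.0.113.45
2006-08-08 03:41:18 AUTH_OK 203.0.113.45
2006-08-08 04:02:51 CONNECT 198.51.100.7
2006-08-08 04:02:52 AUTH_FAIL 198.51.100.7
2006-08-08 04:02:55 AUTH_FAIL 198.51.100.7
2006-08-08 04:03:01 AUTH_OK 198.51.100.7
2006-08-08 05:30:40 CONNECT 203.0.113.99
2006-08-08 05:30:41 AUTH_OK 203.0.113.99
"""

LINE_RE = re.compile(r"^(\S+ \S+) (CONNECT|AUTH_OK|AUTH_FAIL) (\S+)$")

# Listed explicitly: ipaddress.is_private also matches the documentation
# ranges used as stand-in "internet" addresses in the sample above.
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def is_local(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETS)

def triage(log_text):
    """Return (time, ip, verdict, failed_count) for each non-local login."""
    failures = {}   # failed attempts per source IP since its last success
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, event, ip = m.groups()
        if is_local(ip):
            continue
        if event == "AUTH_FAIL":
            failures[ip] = failures.get(ip, 0) + 1
        elif event == "AUTH_OK":
            n = failures.pop(ip, 0)
            # Zero failures before a success is not password guessing:
            # it points at an auth bypass or an already-known password.
            verdict = "no-failed-attempts" if n == 0 else "after-failed-attempts"
            findings.append((ts, ip, verdict, n))
    return findings
```

Calling `triage(SAMPLE_LOG)` returns one tuple per non-local login; the local 192.168.1.10 session is ignored.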


  • Closed Accounts Posts: 2,669 ✭✭✭mukki


    well i changed a few settings (as i mentioned above) about 9 hrs ago and no attacks since, will get back to ya if i have more problems,

    i'm pretty sure that it was an automated attack, and a few slight changes should stop it


  • Registered Users Posts: 6,949 ✭✭✭SouperComputer


    try ultraVNC with the DSM encryption plugin. Might save you the hassle of SSH.

    Also try using a random port. Of course it can still be found, but it's lazy script kiddies that are messing around from the sounds of things, just looking for an easy target.


  • Registered Users Posts: 15,815 ✭✭✭✭po0k




  • Closed Accounts Posts: 1,956 ✭✭✭layke


    Personally speaking I would not use VNC for internet access, perhaps as a backup however.


  • Registered Users Posts: 651 ✭✭✭conor-mr2



