RE: VNC logging

From: Ryan Counts (webmaster@badsushi.com)
Date: 11/21/01 

From: "Ryan Counts" <webmaster@badsushi.com>
To: "'FOCUS-MS (E-mail)'" <FOCUS-MS@SECURITYFOCUS.COM>
Subject: RE: VNC logging
Date: Wed, 21 Nov 2001 13:33:37 -0600
Message-ID: <000901c172c3$6b268400$eeeca8c0@parkplacetexas.corp>

Are you in control of all the hosts that a connection could come
through? If not, it could get a little more difficult, since its
relatively easy to set VNC to use an alternative port. A while back I
wanted to be able to connect to my home server from work, which was
behind a proxy that only allowed a limited number of ports. So, all I
had to do was set the port number on VNC to a negative number and was
able to set VNC to listen on the standard telnet port, which oddly
enough was enabled with our proxy. If someone had been sniffing our
network, based on the port traffic, they would have just thought it was
a telnet connection.

Ryan Counts

-----Original Message-----
From: Schulte, Matt [mailto:matt_schulte@spectrumbrands.com]
Sent: Wednesday, November 21, 2001 9:33 AM
To: 'O'Driscoll, Mike'; FOCUS-MS (E-mail)
Subject: RE: VNC logging

I noticed many have mention ports 5801 (and the like) but also remember
there are ports concerning 5901 (and the like) for the Java based
connections. I'm fairly certain the snort VNC configs can filter that as
well.

I've never noticed the tray icon to "not change", however sometimes it
may
not appear in win2000 (because of running as a service possible?)

        M P

-----Original Message-----
From: O'Driscoll, Mike [mailto:MODriscoll@ims-group-plc.com]
Sent: Tuesday, November 20, 2001 5:42 AM
To: FOCUS-MS (E-mail)
Subject: VNC logging

Is there a way to log incoming connections to a VNC host, or to know if
a
connection is open?

The standard way of checking the colour of the system tray icon only
works
if you are sitting at the machine in question at the time of a
connection
and if the icon does actually change colour which it doesn't always do
anyway.

Mike O'Driscoll
Interactive Media Services

Relevant Pages

  • How did they get behind my NAT?
    ... this point I panicked and shutdown the VNC service ASAP. ... My question is how the attacker got to my VNC port! ... the internet through the router. ... client connection using local port number 5900 (which was also being ...
    (alt.computer.security)
  • Re: Ports for Ultra VNC behind a firewall - for remote support
    ... and the vendor for the app they use build a Ultra VNC connection into ... Unless your router allows port forwarding based on MAC address, ... has is to forward a port to a particular host by its IP address. ... So, same issue, all computers have Ultra VNC listener, they connect to ...
    (alt.computer.security)
  • Re: VPN connection question
    ... But if he wants to create an ipsec VPN connection into the ... just a VNC, ... Set the Router for port forwarding to ... random port scans forwarded to my XP box. ...
    (Ubuntu)
  • Re: Remote Access from work to home
    ... VPN from their home computer to the LAN at work ... You could use either RDC or VNC to access your home XP Pro pc. ... difficultly is getting a network connection to it. ... RDC required port 3389 forwarded, ...
    (microsoft.public.windows.server.sbs)
  • Re: Problem using PuTTY and Dropbear for port forwarding (ssh tunneling)
    ... you could wonder how VNC server on PC A can listen on port ... My plan is to let those clients set up and keep open an SSH connection ...
    (comp.security.ssh)
Quantcast