Who is connceted

[Richard Harris]

Hi there,

>>> I have dsl.  I am running win98, and when I came home I found someone
>> > connected to my pc via winvnc.  Is there a log file I can look at to
>> > see

 There is a log file, but it will only be there if you had that option
 turned on. It's also deleted if you stop and restart the service.....so,
 if you've rebooted your PC since the attack, that's a non-starter.

 Also, the IP address of the attacker is likely to be dynamic - if they
 are on dial- up and if they are behind a firewall, you are unlikely to
 be able to trace their identity. It's not impossible, but very
 difficult.

 I don't want to tell you how to operate you computer, but VNC - like any
 computer program or OS, can be abused. What makes it easy for you to
 remote control your home PC, also makes it easy for Joe Hacker.

 There's a couple of things you can do - sorry if this is a bit of a
 lecture, I've no idea what level of PC knowledge you have.

 1) Set VNC to only allow connections from a set range of IP addresses.
 So, if you work / college / mate's computers always connect on range
 202.192.64.x - then set VNC to ignore everyone else. This still isn't
 perfect as someone from that range of IP addresses could still attack
 your PC.

 2) Put in a firewall - like ZoneAlarm or Norton Personal Firewall.
 That's okay to a point - but it isn't going to solve your VNC connection
 worries. (it will help stop people attacking or sweeping your PC for
 vunerabilities though).

 3) Run zVNC instead of VNC. Zvnc has built in compression/encryption and
 listens on port 6000 - as opposed to 5800 and 5900 which are the default
 VNC ports. Put a complicated alphanumeric password in - something like
 "3Atmy5h0rt5" - it makes brute force attacks much harder.

 4) Go for something like Stunnel on both your home PC and the computer
 you want to connect from. With stunnel you can set up secure tunnels
 between computer systems and by making VNC only accept local loopback
 connections - an intruder would have to crack your tunnel settings
 (difficult!!) before he could get to VNC. Stunnel would help prevent
 attacks to VNC, but your W98 shares are still likely to be visable.

 5) By far the easiest option - at least in my experience - would be to
 use something like Freesco or another linux router. These take care of
 99.9% of your security problems on DSL / cable. You can even set up
 secure tunnels or have port forwarding on the router (although that's a bit  
 risky!) As it's unix,  you only need an old 486 / old pentium and two network 
 cards. 

 I've set a few up now and they are easy to do. One of the guys I did it
 for isn't an IT wiz and he finds it easy to operate.

 I hope that helps!

Later,
Richard

"Service, price , quality: pick any two."
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------