Re[2]: Who is connected

Andrew Cornish Andrewc "at" orion-group.co.uk
Mon, 11 Feb 2002 12:04:43 +0000 

Paul, Thank you


Andrewc

-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Paul Gleave
Sent: 11 February 2002 11:21
To: Andrew Cornish
Subject: Re[2]: Who is connected


http://people.we.mediaone.net/ddyer/znc/zvnc.html

On Monday, 11 February 2002, you wrote:

> Hello ...
> sorry for earwigging

> But where do I get Zvnc from......?

> Andrewc

> -----Original Message-----
> From: owner-vnc-list "at" uk.research.att.com
> [mailto:owner-vnc-list "at" uk.research.att.com]On Behalf Of Richard Harris
> Sent: 11 February 2002 10:47
> To: vnc-list "at" uk.research.att.com
> Subject: Re: Who is connceted


> Hi there,

>>>> I have dsl.  I am running win98, and when I came home I found someone
>>> > connected to my pc via winvnc.  Is there a log file I can look at to
>>> > see

>  There is a log file, but it will only be there if you had that option
>  turned on. It's also deleted if you stop and restart the service.....so,
>  if you've rebooted your PC since the attack, that's a non-starter.

>  Also, the IP address of the attacker is likely to be dynamic - if they
>  are on dial- up and if they are behind a firewall, you are unlikely to
>  be able to trace their identity. It's not impossible, but very
>  difficult.

>  I don't want to tell you how to operate you computer, but VNC - like any
>  computer program or OS, can be abused. What makes it easy for you to
>  remote control your home PC, also makes it easy for Joe Hacker.

>  There's a couple of things you can do - sorry if this is a bit of a
>  lecture, I've no idea what level of PC knowledge you have.

>  1) Set VNC to only allow connections from a set range of IP addresses.
>  So, if you work / college / mate's computers always connect on range
>  202.192.64.x - then set VNC to ignore everyone else. This still isn't
>  perfect as someone from that range of IP addresses could still attack
>  your PC.

>  2) Put in a firewall - like ZoneAlarm or Norton Personal Firewall.
>  That's okay to a point - but it isn't going to solve your VNC connection
>  worries. (it will help stop people attacking or sweeping your PC for
>  vunerabilities though).

>  3) Run zVNC instead of VNC. Zvnc has built in compression/encryption and
>  listens on port 6000 - as opposed to 5800 and 5900 which are the default
>  VNC ports. Put a complicated alphanumeric password in - something like
>  "3Atmy5h0rt5" - it makes brute force attacks much harder.

>  4) Go for something like Stunnel on both your home PC and the computer
>  you want to connect from. With stunnel you can set up secure tunnels
>  between computer systems and by making VNC only accept local loopback
>  connections - an intruder would have to crack your tunnel settings
>  (difficult!!) before he could get to VNC. Stunnel would help prevent
>  attacks to VNC, but your W98 shares are still likely to be visable.

>  5) By far the easiest option - at least in my experience - would be to
>  use something like Freesco or another linux router. These take care of
>  99.9% of your security problems on DSL / cable. You can even set up
>  secure tunnels or have port forwarding on the router (although that's a
bit
>  risky!) As it's unix,  you only need an old 486 / old pentium and two
> network
>  cards.

>  I've set a few up now and they are easy to do. One of the guys I did it
>  for isn't an IT wiz and he finds it easy to operate.

>  I hope that helps!

> Later,
> Richard

> "Service, price , quality: pick any two."
> ---------------------------------------------------------------------
> To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
> ---------------------------------------------------------------------
> To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
> 'unsubscribe vnc-list' in the message BODY
> See also: http://www.uk.research.att.com/vnc/intouch.html
> ---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------