[vox-tech] vnc highjacked?

Alex Mandel tech_dev at wildintellect.com
Sat Mar 27 18:43:25 PDT 2010


Bill Kendrick wrote:
> On Sat, Mar 27, 2010 at 08:50:03PM -0400, Hai Yi wrote:
>> Hello All:
>>
>> I installed a x11vnc on my home server, and scarily found that someone
>> is remotely controlling my desktop: when I use vncviewer to see my
>> server's desktop, i noticed the mouse moving on the browser and typed
>> in some paypal sites to open them.
> 
> Have you looked at:
>   http://en.wikipedia.org/wiki/VNC#Security
> 
> It starts out with: "By default, VNC is not a secure protocol",
> so I guess the next question is: were you limiting VNC access in any
> way?  If not, then your computer is probably wide open for anyone
> who can see it. :^/
> 
> -bill!
> (who admittedly doesn't know much about VNC)

That's pretty much the story,
my method to a slightly secure vnc:
1. Have a firewall blocking all ports that I don't need to see from the
outside. Basically only 22, 80,443(the last 2 for web server/https)
2. I don't have x11vnc running all the time, I have to manually start it.
3. I tunnel in via ssh and foward the vnc port I want to use, start the
vnc when I want to connect and then shut it down when not in use and
close my ssh connection.

That's what I would recommend to prevent unwanted vnc connections. Now
all you have to worry about it ssh hacks.

You should be able to see in the vnc logs where the connection is coming
from if you really want to know.

Alex


More information about the vox-tech mailing list