I just had a similar experience.  Someone (two IPs) just connected to my
machine.  I had set it to listen only on the local network as well and also
require a password.  The first person to connect seemed like a bot scanner
and didn't do anything.  The IP's first octet was in the 88.x.x.x range, I
believe.  Next, a person connected from their residential Internet
address a few minutes later and I opened up a text editor to alert the
connecting person that I knew what was up.  They typed back into my text
editor and confirmed that they were human.  So, from all this, I am very
concerned for a few reasons because there might be some vulnerability
being exploited.  Here are the things I am considering...

* DMZ host or NAT port forwarding allowed external user to connect to internal interface (was enabled in my case)
* password was guessed (possible)
* someone has 0day to bypass VNC password prompt (improbable, but not totally unlikely given the recent VNC noauth bug that was published)

The only way to find out would be to see some better logging.  For instance,
did the remote attacker authenticate with a password or not?  And what
were the IPs of both connecting users?  I will not know now because of
the failure to log this information by vino server.  If there is a 0day,
lots of vino/vnc users are going to be in trouble...

-- 
no logs or log files in vino
https://bugs.launchpad.net/bugs/330310
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
