> From: "Jesse" <[EMAIL PROTECTED]> > Subject: Security Issue? > Due to another problem, I was in the Event Log for my Windows XP machine, > and noticed several suspicious entries regarding WinVNC4: > All of these entries were received on 9/30/2006 at 2:35:02 AM > > * Connections: closed: 71.141.133.10::62311 (Requested security type not > available) > * Connections: accepted: 71.141.133.10::62311 > * Connections: closed: 71.141.133.10::62309 (Clean disconnection) > * SocketManager: unknown listener event: 0 > * Connections: accepted: 71.141.133.10::62309 > > There are many such entries that go back to late August. The IP address > indicated appears to be out of San Francisco, CA.
You've got someone who is trying to get into your system, hoping that you're running one of the exploitable versions of VNC. I've cleaned up a lot of systems that were running 4.1.1, and in the days after they were upgraded to 4.1.2, I saw a steady decline in these types of log entries, as the bad guys were thwarted and presumably spread the word that the given system was no longer their playground. If anything, do a WHOIS on the IP in question and send a complaint to the ISP. You play, you pay. _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
