[Micronet] VNC Attacks

John Ives

Over the past couple of weeks, System and Network Security has seen a
marked increase in the number of IP addresses scanning the campus
network looking for VNC remote access servers.  Specifically, the number
of unique IP addresses scanning for VNC during that time has been over
4 times as many as we have seen scanning for SSH. At this point we have
no specific reason for the increased scanning; however, we would like to
advise the campus community that they should take great care in using a
remote access tool like VNC, RDP, Dameware, etc.  In particular, because
VNC is a cross-platform remote management tool, and is even the
underlying protocol used by Macs for Remote Management and Screen
Sharing services, it is essential that users both keep it up to date and
employ strong passwords for using it.

Further, where possible, users should configure their firewalls to
restrict access to the VNC port to the fewest IP addresses possible. If
they require access from off campus, then system administrators should
restrict off-campus access to the VPN service. Information about the
VPN can be found at http://www.net.berkeley.edu/vpn/.


John Ives
--
-------------------------------------------------------------------------
John Ives                                           Phone (510) 642-7773
System & Network Security     Cell (510) 229-8676
University of California, Berkeley
-------------------------------------------------------------------------
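An added example, not part of the original message: one way an administrator could measure the same thing the advisory reports, the number of unique external addresses probing for VNC compared with SSH, from firewall logs. The log format, the port range 5900-5909 for VNC displays, the `min_targets` threshold, and all addresses (RFC 5737 documentation ranges) are assumptions made for the illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a simplified iptables-LOG style (not real traffic).
SAMPLE_LOG = """\
Jan 10 03:12:01 gw kernel: SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=5900
Jan 10 03:12:01 gw kernel: SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=5900
Jan 10 03:14:40 gw kernel: SRC=198.51.100.8 DST=192.0.2.10 PROTO=TCP DPT=5901
Jan 10 03:14:41 gw kernel: SRC=198.51.100.8 DST=192.0.2.12 PROTO=TCP DPT=5900
Jan 10 04:02:13 gw kernel: SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=5900
Jan 10 04:02:13 gw kernel: SRC=203.0.113.5 DST=192.0.2.13 PROTO=TCP DPT=5900
Jan 10 08:30:00 gw kernel: SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=5900
Jan 10 09:01:55 gw kernel: SRC=203.0.113.20 DST=192.0.2.10 PROTO=TCP DPT=22
Jan 10 09:01:56 gw kernel: SRC=203.0.113.20 DST=192.0.2.11 PROTO=TCP DPT=22
Jan 10 09:05:00 gw kernel: SRC=203.0.113.21 DST=192.0.2.10 PROTO=TCP DPT=443
Jan 10 09:06:00 gw kernel: link up on eth0
"""

# Assumption: VNC listens on 5900 + display number; displays :0 to :9 are covered.
SERVICES = {"vnc": range(5900, 5910), "ssh": range(22, 23)}
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+).*?\bDPT=(\d+)")


def unique_scanners(log_text, min_targets=2):
    """Return {service: set of source IPs} that probed at least
    min_targets distinct internal hosts on that service's ports."""
    targets = defaultdict(set)  # (service, src) -> distinct destinations
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that are not connection records
        src, dst, dport = m.group(1), m.group(2), int(m.group(3))
        for name, ports in SERVICES.items():
            if dport in ports:
                targets[(name, src)].add(dst)
    result = {name: set() for name in SERVICES}
    for (name, src), dsts in targets.items():
        if len(dsts) >= min_targets:  # one host only looks like a normal user
            result[name].add(src)
    return result


def vnc_to_ssh_ratio(scanners):
    """Ratio of unique VNC scanners to unique SSH scanners."""
    ssh = len(scanners["ssh"])
    return len(scanners["vnc"]) / ssh if ssh else float("inf")
```

Sources that touch only one host are excluded so that a legitimate remote user is not counted as a scanner; lowering `min_targets` to 1 counts every source that reached the port.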

