[Micronet] VNC Attacks

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] VNC Attacks

John Ives
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Over the past couple weeks, System and Network Security, has seen a
marked increase in the number of IP addresses scanning the campus
network looking for VNC remote access servers.  Specifically, the number
of unique IP addresses scanning for VNC during that time, has been over
4 times as many as we have seen scanning for SSH. At this point we have
no specific reason for the increased scanning, however, we would like to
advise the campus community that they should take great care in using a
remote access tool like VNC, RDP, Dameware, etc.  In particular, because
VNC is a cross platform remote management tool, and is even the
underlying protocol used by Macs for Remote Management and Screen
Sharing services, it is essential that keep it both up to date and
employ strong passwords for using it.

Further, where possible, users should configure their firewalls to
restrict access to the VNC port to the fewest IP addresses possible. If
they require access from off campus, then system administrators should
restrict off campus access to the VPN service. Information about the
VPN can be found at http://www.net.berkeley.edu/vpn/.

Yours,

John Ives
- --
- -------------------------------------------------------------------------
John Ives                                           Phone (510) 642-7773
System & Network Security     Cell (510) 229-8676
University of California, Berkeley
- -------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJMH/XCAAoJEJkidK6qbywsyhUIAIKgCXsfvgi8YHxh9nVX1ESB
NQf/LklW/vTfr3wdArvmmVkJF74ztQ8jqPKtWjhw1vXTlaNSJ5C09Dlr6HspAHvN
lJx9Xh97msrNIR0pOHGCVJxBd5aIMBUjbdui+wqaI8eFzy0N9fy5uap59CLmrQq5
fNbI17JfJeIpAVIwqx1brpHY0QgvpU2lbNGAoV5iAOsz4Tu+nkAtOoTWUKbfaaZW
8A/5ox+WWx28SHEfcaHwwPCeG4E6UpcHxygkKCbJWqH/mcVJWwSTHc4hi4aZLCIl
5sHpGB7JiYKFX0o6iuT1oZ4ForEprS770HSS3pJHTHMQXNoAyrciA1f6ewZ2idE=
=vXyB
-----END PGP SIGNATURE-----

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.