Network security and remote desktop/VNC

So I'm almost certain that somebody somehow is using my PC for questionable things and that I have a security problem.

2 questions:

1) Has anybody used the virgin media ISP filters that block questionable content? are they any good or are they usually overzealous?

2) Even when enabled that will not solve the underlying network security problem, just prevent a symptom. I run several remote desktop/VNC servers on this machine.

Teamviewer
Splashtop
UltraVNC

do you know if any of these keep a log of connected clients and how I can access them?

I do not use Splashtop or UltraVNC. But I do use TeamViewer and RealVNC.

TeamViewer does not use router-configuration and port-forwarding as RealVNC does, but has its own security handshake process that supports its peer-to-peer connections once the initial connection is security-checked and password-authorized between host and client through their website.

And of course RealVNC uses (by default) 5900/5800 ports, which therefore must be "opened" (via port-forwarding) in your router configuration in order to allow clients to access hosts.

I also have MalwareBytes Anti-Malware installed, which blocks (and logs) incoming requests from malicious websites. This is in addition to Microsoft Security Essentials anti-virus which is also installed.


There definitely are "rogue" sites out there (seemingly in Germany, Netherlands, Korea, etc., based on analysis of the blocked IP addresses which may in fact be spoofs I supposed) which attempt to connect through these known open 5900-series ports used by VNC protocol. Thankfully, they are blocked (and logged) by Anti-Malware, which is what alerted me to this symptom.

I have seen this on a number of host machines I remotely connect to using RealVNC. My solution on all of them has been to change the configuration on those hosts to have RealVNC "listen" on much higher port numbers, like 5909/5809. Although the rogue sites seem to be probing on 5900 and 5901, I've not seen them just go "up the line" once they hit a no-response early on. So anything 5906 or higher seems to be a successful "defense", based on my experience. I no longer see any evidence of attempts to connect on those higher port numbers.

Of course even if they do eventually decide to probe up there, Anti-Malware will still block their incoming IP as malicious, hopefully.


As far as TeamViewer, I have never seen any evidence of security breaches using this product, even though there is no router/firewall protection involved in the setup. Whatever pure web-based secure handshake process they've implemented, it seems to be successful based on my own experience.

I looked at my team viewer logs on the PC that I have connected to here C:\Program Files\TeamViewer\VersionX (X is version number. My PC installed version 9). and only found logs of successful connections I did not see any IP numbers though. I also looked at that folder of the computer that I used to connect to that computer and there were no log files at all,

Thanks for the advice Sml65 and dsperber, I'll try and change my ports and look at the successful connections in that directory.

Seems like I won't be on virgin media anymore anyway so I'm going to mark this as solved. Thanks for the help everyone.