Network security and remote desktop/VNC

Cue

So I'm almost certain that somebody somehow is using my PC for questionable things and that I have a security problem.

2 questions:

1) Has anybody used the Virgin Media ISP filters that block questionable content? Are they any good or are they usually overzealous?

2) Even when enabled that will not solve the underlying network security problem, just prevent a symptom. I run several remote desktop/VNC servers on this machine.

TeamViewer
Splashtop
UltraVNC

Do you know if any of these keep a log of connected clients and how I can access them?
 

I do not use Splashtop or UltraVNC. But I do use TeamViewer and RealVNC.

TeamViewer does not use router-configuration and port-forwarding as RealVNC does, but has its own security handshake process that supports its peer-to-peer connections once the initial connection is security-checked and password-authorized between host and client through their website.

And of course RealVNC uses (by default) 5900/5800 ports, which therefore must be "opened" (via port-forwarding) in your router configuration in order to allow clients to access hosts.

I also have MalwareBytes Anti-Malware installed, which blocks (and logs) incoming requests from malicious websites. This is in addition to Microsoft Security Essentials anti-virus which is also installed.


There definitely are "rogue" sites out there (seemingly in Germany, Netherlands, Korea, etc., based on analysis of the blocked IP addresses, which may in fact be spoofs, I suppose) which attempt to connect through these known open 5900-series ports used by the VNC protocol. Thankfully, they are blocked (and logged) by Anti-Malware, which is what alerted me to this symptom.

I have seen this on a number of host machines I remotely connect to using RealVNC. My solution on all of them has been to change the configuration on those hosts to have RealVNC "listen" on much higher port numbers, like 5909/5809. Although the rogue sites seem to be probing on 5900 and 5901, I've not seen them just go "up the line" once they hit a no-response early on. So anything 5906 or higher seems to be a successful "defense", based on my experience. I no longer see any evidence of attempts to connect on those higher port numbers.

Of course even if they do eventually decide to probe up there, Anti-Malware will still block their incoming IP as malicious, hopefully.


As far as TeamViewer, I have never seen any evidence of security breaches using this product, even though there is no router/firewall protection involved in the setup. Whatever pure web-based secure handshake process they've implemented, it seems to be successful based on my own experience.
 

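Added example, not part of any poster's reply: one way to check who is reaching the VNC ports discussed above is to summarise the Windows Firewall log on the host. It assumes logging of dropped and allowed connections is enabled and that the log carries the standard `#Fields` header; the sample lines, the IP addresses and the `trusted` list are constructed for illustration.

```python
from collections import Counter

VNC_PORTS = range(5800, 6000)  # covers the 58xx/59xx ports mentioned in the thread

# Constructed sample in the Windows Firewall log layout (documentation-range IPs).
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2015-03-01 06:58:02 DROP TCP 203.0.113.7 192.168.1.10 51514 5900 52 S 1 0 8192 - - - RECEIVE
2015-03-01 06:58:03 DROP TCP 203.0.113.7 192.168.1.10 51515 5901 52 S 1 0 8192 - - - RECEIVE
2015-03-01 06:58:09 DROP TCP 203.0.113.7 192.168.1.10 51520 5900 52 S 1 0 8192 - - - RECEIVE
2015-03-01 07:01:40 ALLOW TCP 198.51.100.23 192.168.1.10 49822 5909 0 - 0 0 0 - - - RECEIVE
2015-03-01 07:03:15 ALLOW TCP 192.0.2.44 192.168.1.10 40112 5909 0 - 0 0 0 - - - RECEIVE
2015-03-01 07:04:00 ALLOW TCP 192.168.1.10 198.51.100.80 50001 443 0 - 0 0 0 - - - SEND
"""

def vnc_inbound(log_text, trusted=()):
    """Return (dropped probes per (source, port), allowed connections from untrusted sources)."""
    fields, probes, unexpected = None, Counter(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log's own header
            continue
        if fields is None or not line.strip() or line.startswith("#"):
            continue
        rec = dict(zip(fields, line.split()))
        # Only inbound TCP matters here; outbound (SEND) traffic is skipped.
        if rec.get("protocol") != "TCP" or rec.get("path") != "RECEIVE":
            continue
        if not rec.get("dst-port", "").isdigit() or int(rec["dst-port"]) not in VNC_PORTS:
            continue
        port = int(rec["dst-port"])
        if rec["action"] == "DROP":
            probes[(rec["src-ip"], port)] += 1
        elif rec["action"] == "ALLOW" and rec["src-ip"] not in trusted:
            unexpected.append((rec["date"], rec["time"], rec["src-ip"], port))
    return probes, unexpected

if __name__ == "__main__":
    probes, unexpected = vnc_inbound(SAMPLE_LOG, trusted=("198.51.100.23",))
    for (src, port), n in sorted(probes.items()):
        print(f"blocked probe  {src} -> port {port}  x{n}")
    for date, time, src, port in unexpected:
        print(f"ALLOWED from unlisted source  {date} {time}  {src} -> port {port}")
```

Blocked probes on 5900/5901 are background noise; an allowed connection on the relocated port from an address outside the trusted list is the entry worth investigating.
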
I looked at my TeamViewer logs on the PC that I have connected to, here: C:\Program Files\TeamViewer\VersionX (X is the version number; my PC installed version 9), and only found logs of successful connections. I did not see any IP numbers, though. I also looked at that folder on the computer that I used to connect to that computer, and there were no log files at all.
 

Thanks for the advice Sml65 and dsperber, I'll try and change my ports and look at the successful connections in that directory.
 

Seems like I won't be on Virgin Media anymore anyway, so I'm going to mark this as solved. Thanks for the help everyone.
 
