Carey Fisher - NCS wrote:
>> Frank Niu wrote:
>>
>>> I got an announcement about this issue. It is indeed a VNC-related security
>>> problem. You need to upgrade the VNC version. (I upgraded to 4.1.2)
>>>
>>> **********************************
>>> There is a known exposure in some versions of the popular program VNC by
>>> which an attacker can get past the password protection and compromise the
>>> system. It was found in the "RealVNC" version and an upgrade which fixes
>>> this exposure is available. Other versions of VNC may or may not be
>>> affected.
>
> Well, it happened again. I've gotten in the habit of disabling the network connection when I leave this computer. So, this morning, I sat down to work and re-enabled the network connection.
> As I was working, I answered a phone call and when I turned back to the screen, I saw a DOS window with someone typing. They were entering a command to use tftp to download a file called mdn.exe to my computer!!!!!
> So, I immediately shut down the network connection, the tftp connection timed out and I breathed a sigh of relief.
> Now, to figure out who and how... I traced the IP address to an ISP in Korea so no point in pursuing the "who". The "how" is the most important anyway.
> So, what I've done for now, is to totally shut down RealVNC including plugging the holes in the firewall for the VNC ports.
> I'll continue disabling the network connection to this computer when I'm not using it. If I get another attack, I'll know it's not VNC. But I have a feeling it is VNC because this is the only computer on the LAN (6 machines total) that has had any of this kind of activity and it's the only one the firewall sends VNC traffic to.
> Carey
>

Wow... Glad I pulled my RealVNC connection a few months ago.

--Bob