Desktop sharing - security issue
James Harris
james.harris.1 at gmail.com
Sat Jan 12 10:13:40 UTC 2013
This is a security issue that allowed someone to get remote desktop
access to my Ubuntu machine even though the machine is behind a
firewall. I was going to report it as a bug but from the Launchpad
instructions it seems it is more a policy issue so am reporting it to
the mailing list that the page directed me to.
Context:
* Recent upgrade to 12.04 LTS. (May or may not be related.)
* Home network behind NAT firewall.
* Home router configured to reject all incoming connections.
Problem: Someone on the Internet gained access to my Ubuntu machine.
Cause: Desktop Sharing preferences and other.
Since the upgrade I found intermittent text on screen that I hadn't
written. It was the same attack as is mentioned at
http://www.bleepingcomputer.com/forums/topic314188.html
The router was configured to be completely locked down and reject all
connections from the internet, even ping, but after a lot of looking
for viruses etc I eventually found what I think is the cause.
Desktop Sharing has a setting: Automatically configure UPnP router to
open and forward ports. This setting was selected. I don't know when
it was turned on but it is not something I would want to use. The
router turned out to be UPnP configurable. This, I think, meant that
the desktop sharing software told the router to open up access. This
is not something I was aware of and I had not selected it.
How is it best to protect Ubuntu users from unintentionally opening up
access as described above? (If it helps, my other desktop sharing
settings were completely open but nothing warned me of the danger.)
James
More information about the ubuntu-devel
mailing list