heads up, folks: random vnc (remote desktop) attempts

[H.S.]

Hi,

A few weeks ago I was helping a friend fix a few quirks with his brand
new machine and Ubuntu install (64 bit, newest version, Jaunty?). So I
asked him to start his remote desktop (VNC) with no password but which
required his permission to let a client connect to his desktop.

He forwarded port 5900 on his router to his machine and all worked well.
I was able to see his desktop successfully.

We did our work and thought nothing about it later.

It turns out that after a few days he noticed some unexplainable IP
address requesting to see his desktop. He knew it was not me. He
immediately denied the request and removed the port forwarding on his
firewall for good measure.

Since then, he just has his SSH port forwarded and I tunnel VNC
connection through it. This is the most secure way I can think of at
present to do this.

Lesson: looks like there are rogue attempts to open a vnc connection on
random IP addresses. This is akin to random attempts at trying to
connect via the SSH port that many people may have noticed in
/var/log/auth.log. So folks, just do not setup your remote desktop
without some sort of security, preferably both password and permission
prompt.

Regards.

-- 

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.