Unexpected remote desktop connection.

Jim Byrnes jf_byrnes at comcast.net
Fri Jun 24 17:48:45 UTC 2011 

I was working on my laptop today trying to customize Natty to my liking. 
  I added a couple of ppa's for indicator applets and installed the 
applets.  I then let the machine set for a while.  When I looked at it 
again I saw a monitor icon on the top panel.  When I clicked on it I was 
informed that ip 211.247.13.53 was remotely accessing my desktop.

I immediately severed the connection.  Checking the remote desktop 
settings I saw the sharing checkbox was checked but the allow remote 
desktop control was unchecked.  I don't know if sharing is checked by 
default or if I checked it to experiment.

whois results:

query: 211.247.13.53

# KOREAN

조회결과는 아래와 같으며, 실제 정보와 상이할 수 있습니다.

IPv4주소           : 211.247.13.0-211.247.13.255
네트워크 이름      : JUNGBUVITSSEN
연결 ISP명         : CHUNGBUVITSSEN
할당내역 등록일    : 20050329
할당정보 공개여부  : Y

[ IPv4주소 사용 기관 정보 ]
기관고유번호       : ORG385636
기관명             : (주)티브로드 홀딩스 중부방송
주소               : 천안시 문화동
상세주소           : 2-108
우편번호           : 330-020

[ 네트워크 담당자 인물 정보 ]
이름               : 김승종
기관명             : (주)티브로드 홀딩스 중부방송
주소               : 천안시 문화동
상세주소           : 2-108
우편번호           : 330-020
전화번호           : +82-70-8188-7086
전자우편           : sjkim11 at tbroad.com

--------------------------------------------------------------------------------

만약 위의 IPv4주소 사용기관 정보가 올바르지 않을 경우
아래의 해당 연결 ISP 담당자에게 문의하시기 바랍니다.

[ 연결ISP의 IPv4주소 책임자 정보 ]
이름               : 김승종
전화번호           : +82-70-8188-7086
전자우편           : sjkim11 at tbroad.com

[ 연결ISP의 IPv4주소 담당자 정보 ]
이름               : 김승종
전화번호           : +82-70-8188-7086
전자우편           : sjkim11 at tbroad.com

[ 연결ISP의 Network Abuse 담당자 정보 ]
이름               : 김요한
전화번호           : +82-70-8188-7042
전자우편           : kyhangel at tbroad.com

# ENGLISH

KRNIC is not an ISP but a National Internet Registry similar to APNIC.
The following is organization information that is using the IPv4 address.

IPv4 Address       : 211.247.13.0-211.247.13.255
Network Name       : JUNGBUVITSSEN
Connect ISP Name   : CHUNGBUVITSSEN
Connect Date       : 20040811
Registration Date  : 20050329
Publishes          : Y

[ Organization Information ]
Organization ID    : ORG385636
Org Name           : Tbroad Chungbu Broadcasting Co.
Address            : Munhwa-dong, Cheonan-si
Detail Address     : 2-108
Zip Code           : 330-020

[ Technical Contact Information ]
Name               : Kim Seung Jong
Org Name           : Tbroad Chungbu Broadcasting Co.
Address            : Munhwa-dong, Cheonan-si
Detail Address     : 2-108
Zip Code           : 330-020
Phone              : +82-70-8188-7086
E-Mail             : sjkim11 at tbroad.com

--------------------------------------------------------------------------------

If the above contacts are not reachable, please contact following ISP
for further information.

[ ISP IPv4 Admin Contact Information ]
Name               : Kim Seung Jong
Phone              : +82-70-8188-7086
E-Mail             : sjkim11 at tbroad.com

[ ISP IPv4 Tech Contact Information ]
Name               : Kim Seung Jong
Phone              : +82-70-8188-7086
E-Mail             : sjkim11 at tbroad.com

[ ISP Network Abuse Contact Information ]
Name               : Kim Yo Han
Phone              : +82-70-8188-7042
E-Mail             : kyhangel at tbroad.com


So is it possible I've been hacked? If so what is my best course of action?

There's really not much of value on it. I use it infrequently mostly to 
experiment with Natty.  Firefox has a few passwords stored, but nothing 
really critical. However it was connected to my home network by wire at 
the time.

Regards,  Jim

More information about the ubuntu-users mailing list