Subject: Re: NetBSD-3.1 was attacked: Bug of SSHD or cyrus-sasl?
To: None <email@example.com>
From: James K. Lowden <firstname.lastname@example.org>
Date: 01/12/2007 21:01:37
Steven M. Bellovin wrote:
> I wouldn't be surprised if vnc were vulnerable, too.
Funny you should mention that.
My mother got a new Macintosh for Christmas to replace her aging PC. To
let her get to the PC while logged on the Mac, we set up VNC. And, of
course, a lot of stuff would have to be migrated. To be able to help
remotely, my brother opened up the VNC port on the D-Link firewall. To
make it easy to remember, he used his initials. Then he headed home.
About an hour later, I noticed someone typing "cmd.exe /c something" in
the "Run...." dialog off the Start button. It took me about 15 seconds to
realize it wasn't him or me, and about 5 more to disconnect the Ethernet
cable. Then I called him for the firewall admin password and closed the
port. Helping would have to happen some other way.
AFAIK VNC has no way to limit or log login attempts, or to increase the
delay between them as failures accumulate. That makes it an ideal target
for a dictionary attack.
There's a happy ending. Today's the 12th of January and still not one
support phone call.