Re: spooky windows script

To: debian-security@lists.debian.org
Subject: Re: spooky windows script
From: Jan Outhuis <jan.outhuis@orange.nl>
Date: Wed, 9 May 2007 12:03:18 +0200 (CEST)
Message-id: <28812245.1393751178704998840.JavaMail.www@wwinf6003>
Reply-to: jan.outhuis@orange.nl

That's just what I've done: closed the vnc-holes in my firewall (btw it does use a blacklist on incoming connections), and configured the vino-server to not be running by default and when it runs to not accept any unauthorised connections.

Let's see if that does the trick.

Greetings,

Jan

> Datum: 09/05/07 08:11 AM
> Van: "Lee Braiden" <lee.b@digitalunleashed.com>
> Aan: debian-security@lists.debian.org
> CC: 
> Onderwerp : Re: spooky windows script
> 
> On Tuesday 08 May 2007 22:34:30 Gerardo Curiel wrote:
> > El mar, 08-05-2007 a las 22:24 +0200, Thomas Hochstein escribió:
> > > Chris Adams schrieb:
> > > > Do you have a VNC server installed?
> > > >
> > > | But I do have vino-server running.
> > >
> > > Yes.
> >
> > That's the problem, the same happened to me a couple of weeks ago, in my
> > Desktop(a newly installed Debian Unstable).
> >
> > Vino seems to open the vnc port to the outside without password when
> > installed by default.
> 
> I would say the problem is more that his system is configured to allow any 
> servers without explicit authorisation.  That could just as easily have been 
> a trojan or rootkit opening a port.  Best to setup your firewall to block all 
> incoming connections by default, and explicitly allow only what your system 
> is actually serving, and only to machines it needs to serve.
> 
> -- 
> Lee
> 
> 
>

Reply to:

Prev by Date: Re: spooky windows script
Next by Date: Gary Bueltel is in Colorado Springs
Previous by thread: Re: spooky windows script
Next by thread: Gary Bueltel is in Colorado Springs
Index(es):
- Date
- Thread