Welcome guest. Before posting on our computer help forum, you must register. Click here it's easy and free.

« previous next »
Pages: [1]   Go Down

Author Topic: PC under attack?  (Read 3162 times)

0 Members and 1 Guest are viewing this topic.

pritesh22

  • Guest
PC under attack?
« on: June 21, 2009, 10:43:25 AM »





I was literally flooded with these requests. It happened after I installed UltraVNC and stopped my firewall just for a brief period to test my connection problem with my iphone with WinVNC (it was only for about 10 seconds max)... I stopped WinVNC right now but I'm still getting these wild requests, not as fast as before though (thankfully they're blocked).

Did someone manage get a hold of my network? Or are these requests friendly? Since I dint quite understand the "personal policy" in zonealarm...

I just disabled WinVNC and UltraVNC from zonealarm as trusted, but I'm still getting requests...


HJT didn't pick up anything unusual.


Anyone know what might be causing this?

WinXP SP3, AVG 8.5 (scanning right now, 33mins gone, is at docu and settings and nothing found so far), cleared cookies and cache via CCleaner as well.

Thanks for your time.
Logged

pantherman



    Hopeful
    • Thanked: 3
    • Experience: Beginner
    • OS: Windows 7
    Re: PC under attack?
    « Reply #1 on: June 21, 2009, 11:07:01 AM »
    While waiting for an expert to reply it is worth working through the link below.

    http://www.computerhope.com/forum/index.php/topic,46313.0.html
    Logged

    DaveLembke



      Sage
      • Thanked: 662
    • Certifications: List
    • Computer: Specs
    • Experience: Expert
    • OS: Windows 10
    Re: PC under attack?
    « Reply #2 on: June 23, 2009, 02:16:05 PM »
    VNC can be a dangerous utility on your system..... reason being BlackVNC the hackers way to access your computer that is running an older copy of VNC which they dont even need a password to connect.

    I had a web server get nailed by BlackVNC attack once. I was going to use VNC to remote access my web server, and a hacker got right on in past ZoneAlarm with no problems because the BlackVNC uses same ports etc which are added to exclusion list.

    My solution was to go with RDP instead and change the Remote Desktop Terminal Services RDP Port from 3389 to an alternate port of choice such as 8080 to hide my server from attacks to default port probes.

    http://www.youtube.com/watch?v=I0_dkktUvDY

    Above is a video showing Black VNC Attack a hacked copy of the Open Source VNC that doesnt need any passwords.

    I would suggest using Remote Desktop and change port to something other than 3389 to use that instead. With that setup I havent had any issues and traffic is encrypted.

    VNC on a system is just waiting for an attack, and you are seeing port probes for it.
    « Last Edit: June 23, 2009, 02:32:16 PM by DaveLembke »
    Logged
    Pages: [1]   Go Up
    « previous next »