Urgent !!! Is vnc viewer a peeper ?

Discussion in 'Linux Networking' started by Sally, Aug 28, 2005.

  1. Sally

    Sally Guest

    Wise decision...

     
    Sally, Aug 31, 2005
    #41

  2. Sally

    Postmaster Guest

    Sally,

    Having re-read your original post and all follow-ups, I think
    the original question was answered, however if not, then
    perhaps the original question was misinterpreted. Since
    the original post contained awkward syntax and mis-spelled
    words, this may indicate that the poster is posting in a second
    language. This can easily lead to mis-communications. I know,
    my Italian sux :)

    The original post:
    "Sorry, I am a complete novice to linux : but still I would
    like to know : If the vnc viewer is installed in my computer
    and the host address written in my connections, can the host
    excess my computer as soon as I am on line
    (without me knowing it)?
    Thanks

    Sally "

    Possible areas of confusion:

    "host address written in my connections"

    What is "my connections" ? Is this a Windows system ? If so,
    why would this post be in a Linux news group ? If not,
    please describe the terminology being used.

    "can the host excess my computer"

    Host ? Is this another system, or the local host system ?

    "excess my computer"

    One might expect to read "access", but the usage of the
    word "excess" may be another indication of second
    language awkwardness ? or a deep thinker with a sense
    of humor referring to zombie or smurf ?

    "excess my computer"

    Assuming one means "access", it would depend on
    where the other system resides. If your system
    is behind a firewall, or NAT device, and the other
    system is outside, then the answer is probably No.
    The NAT or firewall would block unsolicited inbound
    connections.

    If your system is a Windows XP system, and has SP2
    then the default firewall rules would also block inbound
    connections. In fact, you would have to take specific
    action to disable the built-in firewall if you ever decided
    that you wanted to use VNC.


    "Without me knowing it"

    It would depend on the system that has the VNC server
    installed. On a Windows system the VNC icon in the system
    tray changes color whenever anyone is accessing the
    VNC server. On some versions of the VNC server it
    not only changes color, but it blinks ( trust me, you can't
    miss the annoying blinking :)

    On a Linux system, one could easily use netstat -s
    and look for the TCP port associated with the VNC server.
    The ports that VNC uses start at 5900, for display :0
    and increase monotonically for each display. Example:
    display :1 -> TCP port 5901, display :2 -> TCP port 5902
    If one were to use netstat -a and search for the word
    "ESTABLISHED" on the same line as the associated
    TCP port, then yes, someone is connected.

    "Without me knowing it"

    Whenever anyone tries to connect to the VNC server
    on your system, it will be challenged for the VNC password.
    Since you can change this password, then it would be
    very unlikely that someone could attach without you knowing
    it. You can use the "properties" of the VNC icon to access
    properties and change the password.
    On a Linux system, you can run "vncpasswd" and set
    the VNC password.

    If the VNC server is on a Windows system, then you could
    use the control panel, administrative tools, services, and
    simply disable the VNC service, or even "remove" the
    service completely.
    On a Linux system, you could use "chkconfig" to disable
    the automatic startup of the VNC server, or edit
    /etc/sysconfig/vncservers and modify until you're happy.

    "as soon as I am on line"

    If VNC is installed on your system, you do not need
    to login for someone to access VNC ( If they have
    connectivity to your system, and the proper password)
    The VNC server can be started, as a background process,
    out of /etc/rc.d/rc3.d/*vnc* ( On Linux systems )
    or can be started as part of the normal boot process
    on Windows systems.

    If your system is connecting to the network via
    a dialup connection, then it is likely that your IP address
    is being assigned dynamically. This would make it more
    challenging for intruders to attach as your address keeps
    changing.


    In general, the VNC server is pretty much above board
    and the user is kept aware of connections. ( Blinking icons
    and so on) It also uses passwords, so only those that
    have the password can attach. There are other software
    packages that are not nearly as friendly and are indeed
    covert. In my mind, VNC is friendly and not a threat.

    Moving up one level....How can one detect if some other
    system is accessing your system using ANY software package ?
    There are many software packages that are indeed
    covert spyware. But alas, even covert trash can not do
    its job without connectivity and passing network traffic.
    SO....
    If "Ethereal" is not already installed, one could install it,
    and use it to monitor all network traffic. This tool permits
    one to examine ALL network packets that are going in
    or out of your box. Thus, if anyone is trying to communicate
    with your system, you can see it. You can also use
    Ethereal to create a log of any suspicious traffic. Should
    you detect illegal access, the logs would be very helpful
    for your IT department, and for taking any legal action.

    If you suspect that your system may contain such packages
    you may find that using "Spybot" is very helpful. This
    is another freeware package that is used to detect and
    remove Spyware. Once installed and run, you will be
    provided with a list of all of the possible mal-ware, and
    given the option to make them go away :) I highly
    recommend SpyBot, and its regular use.

    I hope this helps, if not, please re-state the question so that
    I may try to re-interpret the intent.

    Enjoy,
    Postmaster

    P.S. For those geeks, like me, that love technical details... Ok
    display :0 -> TCP port 5900 for VNC viewer
    display :0 -> TCP port 5800 for Web browser/Java applet interface.
    For crossing firewalls you can DNAT these ports.. it works fine.
    Use over ssh works fine too.
     
    Postmaster, Aug 31, 2005
    #42
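
The netstat check described in the post above, as an added example that is not part of the original thread: it reads `netstat -ant` style output and reports sockets whose local port maps to a VNC display (5900+N for the viewer protocol, 5800+N for the web/Java interface), separating a server that is only listening from one with a peer attached. The function names, the 0-99 display range and the sample lines (documentation addresses) are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `netstat -ant` text on stdin.
# Assumption: display numbers 0-99, i.e. local ports 5900-5999 / 5800-5899.

vnc_sessions() {
    awk '
    $1 ~ /^tcp/ && ($6 == "LISTEN" || $6 == "ESTABLISHED") {
        # Field 4 is the local address; the port follows the last colon,
        # which also handles IPv6 forms such as :::5901.
        n = split($4, a, ":"); port = a[n] + 0
        if (port >= 5900 && port <= 5999)
            printf "%s display :%d rfb %s\n", $6, port - 5900, $5
        else if (port >= 5800 && port <= 5899)
            printf "%s display :%d http %s\n", $6, port - 5800, $5
    }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:5901            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:5901         198.51.100.7:49152      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:50122       ESTABLISHED
tcp        0      0 192.0.2.10:41000        198.51.100.9:5900       ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:5800  ::ffff:198.51.100.7:49200 ESTABLISHED
EOF
}

# Live use on the machine being checked:  netstat -ant | vnc_sessions
sample_netstat | vnc_sessions
```

The line with local port 41000 and remote port 5900 is this machine's viewer connecting out to someone else's server; it is not reported, because only the local port identifies a VNC server on this machine.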

  3. If the VNCServer program isn't running, they can't snoop your computer. If
    you want to be sure, see if vncserver.exe is installed somewhere and if
    so, delete it. Use the process manager to see if it is running, and if so
    kill it.
     
    John Thompson, Sep 1, 2005
    #43
  4. Sally

    Sally Guest

    Postmaster,

    thanks for your detailed answer, I appreciate the effort.

    (I misspelled "access" in the first mail, my mistake, when I realized, it
    was already gone..)

    It is a Linux system. "Host" it is called in the modem configurations.

    The "host" lives in another town.

    There is no firewall or any other protection.

    Passwords etc. could have been all set up, before I received the computer,
    the recipients usually don't have access to the administrative side of the
    computer, as a safety measure (avoiding system damage).

    on-line = Internet

    Thanks, Postmaster, you have indeed been great help, one question I have:
    Why do you call yourself "Postmaster" ???

    Sally
     
    Sally, Sep 3, 2005
    #44
  5. Sally

    Postmaster Guest

    Sally,

    Glad to be of assistance.

    Why do I call myself postmaster... A long story and
    technical magic comes into play. Note: For a person that
    wishes not to become a wizard, you seem to keep
    seeking the magic :)

    Postmaster:
    All systems that have a registered DNS address have
    an email account with the name 'postmaster'. This
    is the account that is established so as any failures
    can be sent to some account that will exist and is
    responsible for maintaining the email system. So.. in
    general this email account must exist.

    DNS.. (Domain Name Service.) This is the service
    that maps a computer's name ( foo.abc.net ) to its
    IP address. For any system to be found by its name
    it must be registered in the DNS space, so others
    can find the name to IP address translation.
    DNS is a fairly complex topic, the above description
    is a huge simplification :)

    More technical magic...
    You may not have noticed, but the reply email address
    to my posts is 127.0.0.1. This is a special IP address
    as it again must exist on all systems. This is the loopback
    IP address on all computer systems. Anything sent to
    this IP address simply gets delivered to the same
    system that sent it. This IP address has several uses
    on systems, I just leverage its existence.
    127.0.0.1 is one of the many special IP addresses that
    were set aside for special purposes when the IP address
    space architecture was being designed. Take a peek at
    http://www.iana.org to dig deeper, should you wish.

    So... if some spammer tries to send me email, after gathering
    my email address from my newsgroup posts, then various
    magical things will happen.

    If the spammer sends email directly. (they have an email
    server) then the email will be sent to the loopback
    IP address on their email server, which will in turn
    be delivered to the 'postmaster' account on the DNS
    registered host. If the spammer is the maintainer of the
    system, then their spam will in fact be delivered to
    themselves. If they are not, then the person that maintains this
    system will not be a happy camper.

    If the spammer sends email via another (remote) email
    server, (like an ISP email server) then the spam will again
    be delivered to the maintainer of the email server. (possibly an
    ISP guru) and again the 'postmaster' will receive their spam.
    If this is an ISP, they will most certainly track down the
    customer that is doing this, and terminate their account.

    If the spammer is sending email from an un-registered
    (DNS) email server, and the account 'postmaster' does
    not exist on this system, then the email will not be able
    to be delivered, and it will in turn bounce back to the
    origination, with an error. Again, delivering all the spam back
    to its author.

    With every turn, the spam returns home to its creator,
    sucking up their spool space and filling up their
    inbox with their spam. The best case is they simply
    have to delete all the spam that came back at them. The
    worst case is the spam got delivered to the postmaster
    at their ISP, resulting in their immediate account termination.

    Needless to say: [email protected] is very special
    and will have very interesting results, should someone
    decide to blast away with their spam engine :) This
    email address was not chosen randomly. It has a very
    specific design and intent. This email address always
    exists, and it is never a good idea to spam it :)

    Enjoy,
    Postmaster
     
    Postmaster, Sep 4, 2005
    #45
  6. Sally

    Sally Guest

    An educated guess would be, that only a wizard could work out point 1 :
    "Note:.." and point 2 : "postmaster:.." (That one is really impressive!)

    Thanks again

    Sally
     
    Sally, Sep 5, 2005
    #46
