Mike:
Hello! Some thoughts on what you're seeing:
> If I run nmap on another machine as follows:
>
> nmap -p 6001 host.machine
Instead of running nmap on all those ports (the
-p <number>, without the number, scans all the low numbered
ports <1024, plus any that come with the nmap config files)
have you tried just running it against the 5801/5901 ports?
That'd be interesting to see if it crashed your Xvnc again.
> This is a very serious problem because it means that a port scan will
> kill my VNC session. This has happened to me more than once, but I
> didn't realize it until I scanned myself. It means that anyone in the
> world can block my use of VNC.
>
> If there is some way I can protect myself, please let me know.
Actually, in my experience, an nmap scan like this is
rather unlikely in the "real world". A scan like this, against
all 1024 low numbered ports, is about as subtle as a brick, and
stands out like a bonfire in the firewall logs. In fact, using
nmap (or Nessus) is a good way to DoS attack a firewall, as it
creates thousands of log entries very quickly that could fill
the system disk on some thin-server systems.
Which of course gets to my final point: you can protect
yourself against port scans by putting a firewall in between your
Internet connection and your VNC Solaris machines. Then the
firewall would take the heat from nmap, and not your VNC servers.
cheers,
Scott
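
The reply's point that a sweep across many ports stands out in firewall logs can be checked mechanically. The following is an added example, not part of the original message: it flags any source that touches many distinct ports on one host within a short window and reports whether the VNC/X ports named in the thread were among them. The log layout, addresses, and thresholds are constructed assumptions, not any real firewall's format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

VNC_PORTS = {5801, 5901, 6001}  # the ports named in the thread
# Hypothetical log layout (an assumption, not any real firewall's format)
LINE_RE = re.compile(r"^(\S+) SRC=(\S+) DST=(\S+) DPT=(\d+) (\w+)$")

def sample_log():
    """Constructed log: one fast sweep plus one ordinary VNC client."""
    base, lines = datetime(2024, 1, 1, 12, 0, 0), []
    for i, port in enumerate(list(range(1, 41)) + [5901, 6001]):
        ts = (base + timedelta(milliseconds=100 * i)).isoformat()
        lines.append(f"{ts} SRC=192.0.2.10 DST=198.51.100.5 DPT={port} DROP")
    for i in range(3):
        ts = (base + timedelta(minutes=5 * i)).isoformat()
        lines.append(f"{ts} SRC=192.0.2.77 DST=198.51.100.5 DPT=5901 ACCEPT")
    return lines

def find_scanners(lines, min_ports=20, window=timedelta(seconds=10)):
    """Flag (src, dst) pairs that touch >= min_ports distinct ports within window."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # skip lines that do not parse
            ts, src, dst, dpt, _action = m.groups()
            events[(src, dst)].append((datetime.fromisoformat(ts), int(dpt)))
    reports = {}
    for pair, evs in events.items():
        evs.sort()
        start, in_window, best = 0, defaultdict(int), set()
        for ts, port in evs:
            in_window[port] += 1
            while ts - evs[start][0] > window:  # slide the window forward
                old = evs[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            if len(in_window) > len(best):
                best = set(in_window)
        if len(best) >= min_ports:
            reports[pair] = {"distinct_ports": len(best),
                             "vnc_ports_hit": sorted(best & VNC_PORTS)}
    return reports

if __name__ == "__main__":
    for (src, dst), info in find_scanners(sample_log()).items():
        print(f"{src} -> {dst}: {info}")
```

The ordinary client at 192.0.2.77 connects to 5901 repeatedly but only ever touches one port, so it is not flagged.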