On Wed, 16 May 2001, Scott C. Best wrote:
> > If I run nmap on another machine as follows:
> >
> > nmap -p 6001 host.machine
>
> Instead of running nmap on all those ports (the -p <number>,
> without the number, scans all the low numbered ports <1024, plus any
> that come with the nmap config files) have you tried just running it
> against the 5801/5901 ports? That'd be interesting to see if it
> crashed your Xvnc again.
I haven't tried it, but I don't like to crash it. Maybe someone else can
try it.
> > This is a very serious problem because it means that a port scan will
> > kill my VNC session. This has happened to me more than once, but I
> > didn't realize it until I scanned myself. It means that anyone in the
> > world can block my use of VNC.
> >
> > If there is some way I can protect myself, please let me know.
>
> Actually, in my experience, an nmap scan like this is rather
> unlikely in the "real world".
Like you, I'm in the "real world." It happens sometimes. If by
'unlikely' you mean that it doesn't happen often, I agree. If you mean
"unlikely to happen ever," then I disagree. Lately I've been getting
scans like this from China. As you suggested, they are not subtle. I
monitor several machines, so almost nothing seems subtle to me. The fact
that their activities are obvious doesn't seem to worry most of these
attackers.
Yes, I could put up a firewall.
This brings me to my original question: Is port 60xx DoS attack a known
VNC problem?
(I'm not criticizing VNC.)
Mike
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
