4.1.1 Hacked
evets dranem
edranem "at" dranem.org
Fri Jul 21 03:59:01 2006
John Aldrich wrote:
>vnc-list-admin "at" realvnc.com wrote on Sunday, May 28, 2006 3:04 PM:
>
>
>
>>One of my servers which had 4.1.1 was hacked, when you try
>>and connect with a VNC client you get: a message telling
>>you "not an RFB server".
>>
>>If you telnet into port 5900 you get a nice Haxed message.
>>
>>Anyway all fine I have changed ports and installed 4.2,
>>and blocked VNC to this server to only trusted IP's,
>>however I would like to find out the dll or exe that is
>>still on the server, does anyone know how I can see what
>>is bound to port 5900, or know what the file is so I can
>>squish the bug.
>>
>>
>>
>Ad-Aware and SpyBot S&D are your friends. AdAware is a free download from
>http://www.lavasoft.de and SpyBot is from http://www.safer-networking.org
>_______________________________________________
>VNC-List mailing list
>VNC-List "at" realvnc.com
>To remove yourself from the list visit:
>http://www.realvnc.com/mailman/listinfo/vnc-list
>
>
>
No that is not sufficient
SysInternals
regmon & Filemon will probably be required and
yu'll need to compare againt a known clean machine with vnc 43 installed
listdlls & handel will help 2