FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu User

 
 
LinkBack Thread Tools
 
Old 02-16-2009, 08:18 AM
Matthew Flaschen
 
Default heads up, folks: random vnc (remote desktop) attempts

Christopher Chan wrote:
> Lie Ryan wrote:
>> On Mon, 16 Feb 2009 00:54:54 -0200, Norberto Bensa wrote:
>>
>>
>>> On Mon, Feb 16, 2009 at 12:37 AM, H.S. <hs.samix@gmail.com> wrote:
>>>
>>>> Does Canonical provide anything similar to Cygwin?
>>>>
>>> Yes. Ubuntu :-)
>>>
>>> I know, I know... I just couldn't resist :-)
>>>
>> What do you (Norberto Bensa) mean by "providing anything similar to
>> Cygwin"? Cygwin's purpose is to provide POSIX environment (i.e. Unix/
>> Linux environment) to Windows. Since Ubuntu is 100% Linux, it already
>> fully POSIX. I think you might have meant whether there is a program that
>> provide Windows' Environment in Ubuntu, in that case it is "wine".
>>
>>
> I beg to differ. Linux is not fully posix. Any UNIX operating system is
> fully posix but not GNU/Linux.
>
> http://en.wikipedia.org/wiki/POSIX

I think you're misunderstanding that page. GNU/Linux is not /certified/
as POSIX. Certification requires you pay several fees
(http://posixcertified.ieee.org/posix-fee-schedule-1.0.pdf) and pass
conformance tests. Obviously, those tests don't cover everything, and
certified implementations are no more guaranteed to be perfect than
uncertified implementations (such as GNU/Linux). Either way, bugs are
quite possible.

Matt Flaschen

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 09:28 AM
Norberto Bensa
 
Default heads up, folks: random vnc (remote desktop) attempts

On Mon, Feb 16, 2009 at 4:52 AM, Lie Ryan <lie.1296@gmail.com> wrote:
> On Mon, 16 Feb 2009 00:54:54 -0200, Norberto Bensa wrote:
>
>> On Mon, Feb 16, 2009 at 12:37 AM, H.S. <hs.samix@gmail.com> wrote:
>>> Does Canonical provide anything similar to Cygwin?
>>
>> Yes. Ubuntu :-)
>>
>> I know, I know... I just couldn't resist :-)
>
> What do you (Norberto Bensa) mean by "providing anything similar to
> Cygwin"? Cygwin's purpose is to provide POSIX environment (i.e. Unix/
> Linux environment) to Windows. Since Ubuntu is 100% Linux, it already
> fully POSIX. I think you might have meant whether there is a program that
> provide Windows' Environment in Ubuntu, in that case it is "wine".

You don't have sense of humor, I may guess ;-)

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 02:32 PM
Chan Chung Hang Christopher
 
Default heads up, folks: random vnc (remote desktop) attempts

>>> What do you (Norberto Bensa) mean by "providing anything similar to
>>> Cygwin"? Cygwin's purpose is to provide POSIX environment (i.e. Unix/
>>> Linux environment) to Windows. Since Ubuntu is 100% Linux, it already
>>> fully POSIX. I think you might have meant whether there is a program that
>>> provide Windows' Environment in Ubuntu, in that case it is "wine".
>>>
>>>
>>>
>> I beg to differ. Linux is not fully posix. Any UNIX operating system is
>> fully posix but not GNU/Linux.
>>
>> http://en.wikipedia.org/wiki/POSIX
>>
>
> I think you're misunderstanding that page. GNU/Linux is not /certified/
> as POSIX. Certification requires you pay several fees
> (http://posixcertified.ieee.org/posix-fee-schedule-1.0.pdf) and pass
> conformance tests. Obviously, those tests don't cover everything, and
> certified implementations are no more guaranteed to be perfect than
> uncertified implementations (such as GNU/Linux). Either way, bugs are
> quite possible.
>
I do not think I am misunderstanding.

http://www.opengroup.org/rtforum/uploads/40/7319/POSIX_and_Linux_Application_Compatibility_v0.92_re leased_22_April_05.pdf

Maybe things have changed in the last few years but I doubt it.

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 07:01 PM
NoOp
 
Default heads up, folks: random vnc (remote desktop) attempts

On 02/15/2009 05:08 PM, H.S. wrote:
> Hi,
>
> A few weeks ago I was helping a friend fix a few quirks with his brand
> new machine and Ubuntu install (64 bit, newest version, Jaunty?). So I
> asked him to start his remote desktop (VNC) with no password but which
> required his permission to let a client connect to his desktop.
>
> He forwarded port 5900 on his router to his machine and all worked well.
> I was able to see his desktop successfully.
>
> We did our work and thought nothing about it later.
>
> It turns out that after a few days he noticed some unexplainable IP
> address requesting to see his desktop. He knew it was not me. He
> immediately denied the request and removed the port forwarding on his
> firewall for good measure.
>
> Since then, he just has his SSH port forwarded and I tunnel VNC
> connection through it. This is the most secure way I can think of at
> present to do this.
>
> Lesson: looks like there are rogue attempts to open a vnc connection on
> random IP addresses. This is akin to random attempts at trying to
> connect via the SSH port that many people may have noticed in
> /var/log/auth.log. So folks, just do not setup your remote desktop
> without some sort of security, preferably both password and permission
> prompt.
>
> Regards.
>

As you know by now, 5900 is a well known port that is scanned for
regularly. See some of the previous threads on this, but you can easily
change the port number to make it a little less obvious for script
kiddies etc. if you just need to get in and out briefly.

http://isc.sans.org/port.html?port=5900



--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 07:21 PM
"H.S."
 
Default heads up, folks: random vnc (remote desktop) attempts

NoOp wrote:

> As you know by now, 5900 is a well known port that is scanned for
> regularly. See some of the previous threads on this, but you can easily
> change the port number to make it a little less obvious for script
> kiddies etc. if you just need to get in and out briefly.
>
> http://isc.sans.org/port.html?port=5900
>
>
>

Thanks for interesting URL.

Just out of curiosity, apart from the rogue user actually opening the
desktop and fiddling with the user's files and folders, in what other
way can this be exploited in relation to vino (the service that runs in
Ubuntu for remote desktop)?

--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 08:23 PM
Chris Mohler
 
Default heads up, folks: random vnc (remote desktop) attempts

On Tue, Feb 17, 2009 at 2:21 PM, H.S. <hs.samix@gmail.com> wrote:
> NoOp wrote:
>
>> As you know by now, 5900 is a well known port that is scanned for
>> regularly. See some of the previous threads on this, but you can easily
>> change the port number to make it a little less obvious for script
>> kiddies etc. if you just need to get in and out briefly.
>>
>> http://isc.sans.org/port.html?port=5900
>>
>>
>>
>
> Thanks for interesting URL.
>
> Just out of curiosity, apart from the rogue user actually opening the
> desktop and fiddling with the user's files and folders, in what other
> way can this be exploited in relation to vino (the service that runs in
> Ubuntu for remote desktop)?

One bad scenario:
1. Open terminal
2. Install rootkit
3. Join botnet/spam network

Chris

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 08:26 PM
"H.S."
 
Default heads up, folks: random vnc (remote desktop) attempts

Chris Mohler wrote:

>
> One bad scenario:
> 1. Open terminal
> 2. Install rootkit

How to install the kit without root privileges?


> 3. Join botnet/spam network
>
> Chris
>


--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 08:40 PM
"Mark Haney"
 
Default heads up, folks: random vnc (remote desktop) attempts

H.S. wrote:
> Chris Mohler wrote:
>
>> One bad scenario:
>> 1. Open terminal
>> 2. Install rootkit
>
> How to install the kit without root privileges?
>
>
>> 3. Join botnet/spam network
>>
>> Chris
>>
>
>
This is a ubuntu list right? Ever heard of sudo?


--
Frustra laborant quotquot se calculationibus fatigant pro inventione
quadraturae circuli

Mark Haney
Sr. Systems Administrator
ERC Broadband
(828) 350-2415

Call (866) ERC-7110 for after hours support

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 08:44 PM
"H.S."
 
Default heads up, folks: random vnc (remote desktop) attempts

Mark Haney wrote:
> H.S. wrote:
>> Chris Mohler wrote:
>>
>>> One bad scenario:
>>> 1. Open terminal
>>> 2. Install rootkit
>> How to install the kit without root privileges?
>>
>>
>>> 3. Join botnet/spam network
>>>
>>> Chris
>>>
>>
> This is a ubuntu list right? Ever heard of sudo?
>
>

Yeah, the the question stands, but I will rephrase. How can one install
a rootkit without sudo privileges?



--

Please reply to this list only. I read this list on its corresponding
newsgroup on gmane.org. Replies sent to my email address are just
filtered to a folder in my mailbox and get periodically deleted without
ever having been read.


--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 
Old 02-16-2009, 08:45 PM
Chris Mohler
 
Default heads up, folks: random vnc (remote desktop) attempts

On Tue, Feb 17, 2009 at 3:26 PM, H.S. <hs.samix@gmail.com> wrote:
> Chris Mohler wrote:
>
>>
>> One bad scenario:
>> 1. Open terminal
>> 2. Install rootkit
>
> How to install the kit without root privileges?

You may find this interesting:
http://www.megasecurity.org/papers/Rootkits.pdf

There are a variety of methods, and no - sudo is not a magic panacea
that will prevent a black hat with shell access from becoming SUID.

Chris

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

Thread Tools




All times are GMT. The time now is 04:37 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org