[Dshield] Expect port 5900 probes

Bruce Lilly blilly at erols.com
Fri Aug 16 14:58:18 GMT 2002


VNC is a remote control package which uses TCP port 5900
by default when running on MS Windows machines.  The following
was recently posted to the VNC mailing list:

> From: "EXT-Bellers, Chris" <chris.bellers at boeing.com>
> Date: Thu, 15 Aug 2002 12:03:22 -0500
> To: security at microsoft.com, vnc-list at realvnc.com
> 
> I recently tested the current vnc release (v3.3.3 R9) against the win32
> 'shatter' attacks recently referenced on many security mailing lists, and
> found that I can indeed obtain LocalSystem privileges using the same
> methods.
> 
> I'm sure that most of the readers of most security lists and the vnc lists
> hold no illusions about the security provided by vnc, but this is
> regrettably something that falls outside the bounds of the typical
> cipher-strength and challenge problems.
> 
> I'll post to the usual security forums in a week unless otherwise directed.
> 
> References:
> http://security.tombom.co.uk/shatter.html
> 
> Thanks in advance
> 
> Sincerely,
> 
> Chris Bellers
> OSA System Administrator
> Phantom Works, Boeing 

See http://www.realvnc.com for more information regarding VNC.




More information about the list mailing list