Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: chicodaman
chicodaman Author
User level: Level 1
20 points

Attempted VNC break-ins

I have a Macbook I use as a media server. I was checking security.log via console, and saw a continuous stream of attempted but failed VNC logins. I have it set up for outside access (through a router) so I can control it while on the road.


I don't keep any private data on this machine (it's only for my media center needs) but this seems curious. Note that the attempts to log in come from many different ip addresses (which may be to camoflage the attacker).


Anybody have any thoughts on this? Thanks.... chico


Nov 16 16:56:03 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 188.130.251.27 :: Type: VNC DES

Nov 16 16:56:33: --- last message repeated 4 times ---

Nov 16 17:18:42 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 86.34.194.62 :: Type: VNC DES

Nov 16 17:19:22: --- last message repeated 1 time ---

Nov 16 17:19:22 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 89.121.248.75 :: Type: VNC DES

Nov 16 17:20:24: --- last message repeated 1 time ---

Nov 16 17:20:24 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 78.46.69.23 :: Type: VNC DES

Nov 16 17:22:15: --- last message repeated 1 time ---

Nov 16 17:22:15 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 188.64.186.139 :: Type: VNC DES

Nov 16 17:22:34: --- last message repeated 1 time ---

Nov 16 17:22:34 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 89.122.216.132 :: Type: VNC DES

Nov 16 17:24:27: --- last message repeated 1 time ---

Nov 16 17:24:27 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 212.41.216.228 :: Type: VNC DES

Nov 16 17:43:30: --- last message repeated 1 time ---

Nov 16 17:43:30 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 94.236.192.198 :: Type: VNC DES

Nov 16 17:44:00: --- last message repeated 1 time ---

Nov 16 17:55:04 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 89.121.161.232 :: Type: VNC DES

Nov 16 17:57:03 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 220.249.99.34 :: Type: VNC DES

Nov 16 18:00:08: --- last message repeated 4 times ---

** THIS IS ME CONNECTING FROM REMOTE SITE **

Nov 16 18:00:08 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: SUCCEEDED :: User Name: mediacenter :: Viewer Address: 76.126.xxx.xxx (** REDACTED BY ME**) :: Type: DH

Nov 16 18:30:44 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 212.43.129.8 :: Type: VNC DES

Nov 16 18:31:14: --- last message repeated 18 times ---

Nov 16 18:31:14 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 212.43.129.8 :: Type: VNC DES

Nov 16 18:31:44: --- last message repeated 19 times ---

Nov 16 18:31:44 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 212.43.129.8 :: Type: VNC DES

Nov 16 18:32:17: --- last message repeated 16 times ---

Nov 16 18:32:17 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 212.43.129.8 :: Type: VNC DES

Nov 16 18:32:49: --- last message repeated 8 times ---

Nov 16 18:32:49 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 212.43.129.8 :: Type: VNC DES

Nov 16 18:33:19: --- last message repeated 15 times ---

Nov 16 18:33:19 Media-Center /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Ma cOS/AppleVNCServer[164]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 212.43.129.8 :: Type: VNC DES


ETC. ETC. ETC.


Any ideas, anyone?

MacBook, Mac OS X (10.6.8), Running 10.6.8 on the media server.

Posted on Nov 19, 2012 2:48 PM

Reply

There are no replies.

Attempted VNC break-ins

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up