Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Gerard Dirks
Gerard Dirks Author
User level: Level 1
38 points

How to disable VNC login, after brut force vnc attack??

Hello


We have an OS X 10.6.8 Server. Whe normaly connect to the Network over L2TP. As BackDoor we have an ARD Forward vor 3282, 5900 & 5988.


Now we recognised a attack to login to our Server to VNC. This is failed.


09.04.13 18:43:57/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Mac OS/AppleVNCServer[218]Authentication: FAILED :: User Name: N/A :: Viewer Address: 1xx.1xx.2xx.2xx :: Type: VNC DES


Is it possible to disable to VNC Login after e.g. 5 attemps for anotther 1 hour.


In the GUI I can't find this option. Is their a way to do this with an CLI-Command


Who is able to help me

Regards

Posted on Apr 9, 2013 10:13 AM

Reply
2 replies
User profile for user: UptimeJeff
UptimeJeff
User level: Level 4
3,479 points

Apr 14, 2013 1:37 PM in response to Gerard Dirks

a simple approach is to change your VNC port so it's not hit by automated explot scripts.


many routers make this simple, they let you remap the public port to a different internal port


something like

55455 -> 5900



Then from mac


vnc://server.domain.com:55455



You can't count on this to protect you from a knowledgeable attacker with a purpose/mission directed at your organization.. but it does simply hide you from the auto-hacks, which are 99% of the problem

Reply

How to disable VNC login, after brut force vnc attack??

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up