
How to disable VNC login after a brute-force VNC attack?

Hello


We have an OS X 10.6.8 Server. We normally connect to the network over L2TP. As a backdoor we have an ARD forward for 3282, 5900 & 5988.


Now we recognised an attack trying to log in to our server over VNC. It failed.


09.04.13 18:43:57/System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/Mac OS/AppleVNCServer[218]Authentication: FAILED :: User Name: N/A :: Viewer Address: 1xx.1xx.2xx.2xx :: Type: VNC DES


Is it possible to disable the VNC login after e.g. 5 attempts for another 1 hour?


In the GUI I can't find this option. Is there a way to do this with a CLI command?


Who is able to help me?

Regards

Posted on Apr 9, 2013 10:13 AM


Apr 14, 2013 1:37 PM in response to Gerard Dirks

a simple approach is to change your VNC port so it's not hit by automated exploit scripts.


many routers make this simple, they let you remap the public port to a different internal port


something like

55455 -> 5900



Then from mac


vnc://server.domain.com:55455



You can't count on this to protect you from a knowledgeable attacker with a purpose/mission directed at your organization.. but it does simply hide you from the auto-hacks, which are 99% of the problem
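
The lockout rule asked about in the question (5 failed attempts, then a 1-hour block), written as detection logic over the AppleVNCServer log line format quoted above. This is an added example, not part of the thread and not an Apple tool; the 10-minute counting window, the names `lockouts` and `SAMPLE_LOG`, and the sample addresses are assumptions, and enforcing the block in a firewall is left out.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the FAILED line format quoted in the question (date is dd.mm.yy).
FAILED = re.compile(
    r"^(\d{2}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}).*?AppleVNCServer\[\d+\]\s*"
    r"Authentication: FAILED :: User Name: .*? :: Viewer Address: (\S+) :: Type: "
)

def lockouts(lines, threshold=5, window=timedelta(minutes=10),
             lockout=timedelta(hours=1)):
    """Return {viewer_address: blocked_until} for every address that reaches
    `threshold` failures within `window` (the window length is an assumption)."""
    recent = defaultdict(deque)    # address -> timestamps of recent failures
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue               # successful logins and unrelated lines
        when = datetime.strptime(m.group(1), "%d.%m.%y %H:%M:%S")
        addr = m.group(2)
        if addr in blocked and when < blocked[addr]:
            continue               # already locked out, do not extend
        q = recent[addr]
        q.append(when)
        while when - q[0] > window:
            q.popleft()            # forget failures older than the window
        if len(q) >= threshold:
            blocked[addr] = when + lockout
            q.clear()
    return blocked

def _sample(ts, addr):
    # Constructed line that copies the layout of the line in the question.
    return (ts + "/System/Library/CoreServices/RemoteManagement/"
            "AppleVNCServer.bundle/Contents/Mac OS/AppleVNCServer[218]"
            "Authentication: FAILED :: User Name: N/A :: Viewer Address: "
            + addr + " :: Type: VNC DES")

# Constructed sample: six rapid failures from one address, two slow ones from another.
SAMPLE_LOG = (
    [_sample("09.04.13 18:43:%02d" % s, "203.0.113.7") for s in range(50, 56)]
    + [_sample("09.04.13 18:00:00", "198.51.100.20"),
       _sample("09.04.13 19:30:00", "198.51.100.20")]
)

if __name__ == "__main__":
    for addr, until in lockouts(SAMPLE_LOG).items():
        print("block", addr, "until", until)
```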
