sagarun

somebody spying on me?

5 posts in this topic

When I nmapped my own system, I saw the vnc port is open....But I haven't installed the vncserver...however I tried to connect to my machine through a vnc viewer but it failed

My nmap output:

[root@localhost ~]# nmap -v -sS 172.16.19.80
Starting Nmap 4.53 ( http://insecure.org ) at 2008-10-07 06:33 IST
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns_servers
Initiating SYN Stealth Scan at 06:33
Scanning 172.16.19.80 [1714 ports]
Discovered open port 22/tcp on 172.16.19.80
Discovered open port 5902/tcp on 172.16.19.80
Discovered open port 5903/tcp on 172.16.19.80
Discovered open port 139/tcp on 172.16.19.80
Discovered open port 111/tcp on 172.16.19.80
Discovered open port 445/tcp on 172.16.19.80
Completed SYN Stealth Scan at 06:33, 0.16s elapsed (1714 total ports)
Host 172.16.19.80 appears to be up ... good.
Interesting ports on 172.16.19.80:
Not shown: 1708 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
5902/tcp open  vnc-2
5903/tcp open  vnc-3
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.240 seconds
Raw packets sent: 1714 (75.416KB) | Rcvd: 3434 (144.240KB)
[root@localhost ~]#

I disabled the vncserver service...but still the vnc port is open..is that a problem?

Link to post

Show a little initiative sir.. track down the controlling process, I'll give you a hint.. lsof.

Link to post

What is your operating system? It probably came with it. As you can't use it, it probably lacks proper configuration. Also, it may also be another application using the 590x ports, which are normally used by VNC. As for spying on you, I'd rather not use VNC: taking control of your computer remotely is quite likely to be discovered.

Link to post

Well, I tried to install ltsp (linux terminal server project) to make my machine work as a thin client server....in that process I installed a package called xinetd....(http://www.linuxfocus.org/English/November2000/article175.shtml) which is a replacement for traditional inetd..which is used by ltsp to start tftp server......That xinetd package started the vnc server (don't know why?)

I removed that package and I got my problem solved!!!

....So I don't think someone is spying on me :)

> What is your operating system? It probably came with it. As you can't use it, it probably lacks proper configuration. Also, it may also be another application using the 590x ports, which are normally used by VNC. As for spying on you, I'd rather not use VNC: taking control of your computer remotely is quite likely to be discovered.

I am using Fedora core 9 aghaster :)

Link to post

You say you ran nmap on your own system, but did you run it from your own system? Running nmap on localhost will pick up ports bound to 127.0.0.1 and can generate some confusing results. To see which ports are open on your system, either run netstat (on Linux, I like running netstat -lntp to see listening TCP ports) or nmap from another machine. Netstat will give the most accurate and useful information, but if the host is compromised all that info is junk. Running nmap from a remote machine will give the best real-world information, but there are ways (such as port knocking and scan detection) that a malicious daemon can hide from detection. No short answers I'm afraid!

But yeah, fire up telnet or nc from another machine and see if you can connect to that port.

Link to post
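
The cross-check suggested in the last reply (local `netstat -lntp` versus a scan run from another machine), written out as an added example that is not part of any post in this thread. The function names `classify_listeners` and `unexplained_ports` are hypothetical, and the netstat sample is constructed for illustration (its PIDs and owning programs are assumptions).

```shell
#!/bin/sh
# Constructed sample of `netstat -lntp` output (PIDs and owners are made up).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State  PID/Program name
tcp  0  0  0.0.0.0:22     0.0.0.0:*  LISTEN  1801/sshd
tcp  0  0  0.0.0.0:5902   0.0.0.0:*  LISTEN  2143/xinetd
tcp  0  0  0.0.0.0:5903   0.0.0.0:*  LISTEN  2143/xinetd
tcp  0  0  127.0.0.1:631  0.0.0.0:*  LISTEN  1890/cupsd
tcp  0  0  :::445         :::*       LISTEN  2050/smbd'

# Read `netstat -lntp` output on stdin; print "port scope owner" per listener.
#   loopback = bound to 127.0.0.0/8 or ::1, so a scan from another host cannot see it
#   exposed  = bound to a wildcard or routable address
classify_listeners() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")          # port is the last ":" field,
            port = parts[n]                    # which also handles ":::445"
            host = substr($4, 1, length($4) - length(port) - 1)
            scope = (host ~ /^127\./ || host == "::1") ? "loopback" : "exposed"
            # netstat prints "-" for the owner when not run as root
            owner = ($7 == "" || $7 == "-") ? "unknown" : $7
            print port, scope, owner
        }'
}

# $1: space-separated ports a scan from ANOTHER machine reported open.
# stdin: `netstat -lntp` output taken on the scanned host.
# Prints each scanned port that has no exposed local listener. Such a port
# means local tooling and the network disagree, which needs explaining.
unexplained_ports() {
    exposed=$(classify_listeners | awk '$2 == "exposed" { print $1 }')
    for p in $1; do
        printf '%s\n' "$exposed" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# Demo on the constructed sample; on a real host: netstat -lntp | classify_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | unexplained_ports "22 445 5902 5903 6667"
```

In the sample, the 5902 and 5903 listeners resolve to an owning process, while 6667 is reported by the remote scan with no matching local listener, which is the kind of mismatch the reply warns about.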