Full Version: attempted hacking?
dkreifus
Looks like someone has attempted to hack my system. I've noticed a few times that I've returned, and the wallpaper was completely gone. Usually, that's a sign that I had VNC'd into the box, being that RDC has been acting like a 9 yr old bitch, and not working.

I checked what is apparently a shitty router log, and it seemed that someone was trying on port 5900. Or at least did once. The other thing I noticed was someone's destination port was bootpc. Anyone have a clue what that means?

So I fired up my local firewall, despite being behind a hardware firewall.

Is there a "safe" way to still have access to my home system?

Could there be anything I'm missing?
Phonics Monkey
Well a quick check of Dave's Port List gives 5900 as VNC's default port. The bootpc probing looks like a Poke-N-Hope attempt looking for Sub7 (or could be a meaningless random incident).

The average PC when connected to the internet is scanned for something every 20 seconds.

However, unless your system has been fully breached, given that you mentioned only one attempt per port, I'd say it's just a random thing. Somebody typoed an IP and got "lucky". Script-Kiddies never try something once ... You'd have had a log overflow (thousands of failed attempts) if one of those idiots cut loose on the box.

I don't use VNC so ... If VNC brings up a login prompt, will that alone drop your wallpaper?

Try scanning your own machine (local Fwall off) and see if it's listening on any ports it shouldn't be.

Also, how "Bitchy" is RDC being? e.g. what exactly is it doing/not doing that it should/shouldn't be? Perhaps something is fighting it for the port...
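The "one hit versus thousands" rule of thumb above can be run over a router log directly. This is an added example, not code from the thread: it assumes a syslog-style line format with src/dst/proto/dport fields (the poster's router format is unknown), uses constructed sample lines on RFC 5737 documentation addresses, and names the ports the thread mentions (5900 VNC, 68 bootpc).

```python
# Triage a router's firewall log the way the thread suggests: name the
# destination ports, then count hits per source so a single stray packet
# (random noise) stands out from a sustained scan (many attempts).
import re
from collections import Counter

# Services mentioned in the thread plus their neighbours.
PORT_NAMES = {
    67: "bootps",    # DHCP server side
    68: "bootpc",    # DHCP client side, the "bootpc" entry in the log
    3389: "ms-rdp",  # Remote Desktop
    5900: "vnc",     # VNC default display :0
}

# Constructed sample (assumed syslog-style format, not the poster's router);
# addresses are from RFC 5737 documentation ranges.
SAMPLE_LOG = """\
May 09 07:12:01 DROP src=198.51.100.23 dst=192.0.2.10 proto=TCP dport=5900
May 09 07:12:09 DROP src=198.51.100.23 dst=192.0.2.10 proto=TCP dport=5901
May 09 07:20:44 DROP src=203.0.113.5 dst=255.255.255.255 proto=UDP dport=68
May 09 07:31:17 DROP src=198.51.100.23 dst=192.0.2.10 proto=TCP dport=5902
"""

LINE_RE = re.compile(r"src=(?P<src>[\d.]+) .*?proto=(?P<proto>\w+) dport=(?P<dport>\d+)")

def parse_log(text):
    """Yield (src, proto, dport) for each line the regex understands."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("proto"), int(m.group("dport"))

def triage(text, scan_threshold=3):
    """Summarise hits per source address. At or above scan_threshold hits a
    source is called a probable scan; below it, an isolated hit."""
    hits = Counter()
    ports = {}
    for src, _proto, dport in parse_log(text):
        hits[src] += 1
        ports.setdefault(src, set()).add(dport)
    report = {}
    for src, n in hits.items():
        names = sorted(PORT_NAMES.get(p, "unknown") for p in ports[src])
        verdict = "probable scan" if n >= scan_threshold else "isolated hit"
        report[src] = {"hits": n, "services": names, "verdict": verdict}
    return report

if __name__ == "__main__":
    for src, info in triage(SAMPLE_LOG).items():
        print(src, info)
```

The threshold is deliberately low for the four-line sample; on a real log the thread's own figure (thousands of hits from one source) is the signal worth acting on.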
Arctirus
VNC is fairly easily compromised. If you must open VNC on your router it's best to change the port to something obscure. Even better, don't open a port to it at all and connect over hamachi.
dkreifus
QUOTE(Phonics Monkey @ May 9 2007, 07:17) *

Well a quick check of Dave's Port List gives 5900 as VNC's default port. The bootpc probing looks like a Poke-N-Hope attempt looking for Sub7 (or could be a meaningless random incident).

The average PC when connected to the internet is scanned for something every 20 seconds.

However, unless your system has been fully breached, given that you mentioned only one attempt per port, I'd say it's just a random thing. Somebody typoed an IP and got "lucky". Script-Kiddies never try something once ... You'd have had a log overflow (thousands of failed attempts) if one of those idiots cut loose on the box.

I don't use VNC so ... If VNC brings up a login prompt, will that alone drop your wallpaper?

Try scanning your own machine (local Fwall off) and see if it's listening on any ports it shouldn't be.

Also, how "Bitchy" is RDC being? e.g. what exactly is it doing/not doing that it should/shouldn't be? Perhaps something is fighting it for the port...

RDC is having connection issues. It just goes all slow when I try to put in my credentials, then dies off.
To be more specific: http://board.iexbeta.com/index.php?showtopic=69943&hl=
Singh400
QUOTE(dkreifus @ May 9 2007, 09:49) *

Looks like someone has attempted to hack my system. I've noticed a few times that I've returned, and the wallpaper was completely gone. Usually, that's a sign that I had VNC'd into the box, being that RDC has been acting like a 9 yr old bitch, and not working.

I checked what is apparently a shitty router log, and it seemed that someone was trying on port 5900. Or at least did once. The other thing I noticed was someone's destination port was bootpc. Anyone have a clue what that means?

So I fired up my local firewall, despite being behind a hardware firewall.

Is there a "safe" way to still have access to my home system?

Could there be anything I'm missing?

You should always have layers of security. I'm behind a hardware and software firewall. Hardware handles most things, while software stealths my ports and gives me control of outgoing information.

Also, I've only used VNC a couple of times. But can't you password protect the connection?
Taco Bell
VNC records to the Application portion of the Windows Event log whenever there's a connection/disconnection, so check there, dk, for confirmation.
dkreifus
I'm gonna check the VNC log. I haven't touched it in years since I've been using RDC. Now that it's not working, I'm back to VNC.

I do have a password protecting the setup... so I just have to get into the logs.

Could anything else suddenly just be killing my wallpaper, as if the display was reduced for optimized streaming?
adamj
Get a decent router that'll VPN. That way you won't need to open that port on the router - then on the box itself, once you've got in via VPN, connect to it via local IP - unfortunately, you'll need to open that port on the PC's soft-firewall.

It's an unfortunate fact: run a service that'll be exposed, expect probing - at least.

And if you want to test some ports - google for "Shields Up".
Phonics Monkey
VPNs are great if you've got the bandwidth to spare for the encrypted overhead ... most people don't. Not to mention VPNs run on (an open port...) 500. And an open port is an open port, it's gonna get played with.
Arctirus
Did anyone check the hamachi link I posted? It's a free software based VPN that works great. You don't even have to forward any ports. It gives you a 5.x.x.x internet IP that can only be reached from another hamachi client. I've only got a 340k upload from my home network and it still works very well for me.
Phonics Monkey
I did some more googling on the RDC error code 5 thing. Have you tried the 2nd session trick? Several people have reported that if the first session is left hung and a 2nd session is started it will connect.

Also there was mention of it being a client side permissions issue. No solutions were given, but it is an interesting angle. System service with bad creds plugging up the works...

@Arctirus - Yes, I checked out hamachi.
adamj
QUOTE(Phonics Monkey @ May 10 2007, 04:50) *

VPNs are great if you've got the bandwidth to spare for the encrypted overhead ... most people don't. Not to mention VPNs run on (an open port...) 500. And an open port is an open port, it's gonna get played with.

There isn't going to be that much overhead - if any at all. A data session is a data session, whether it's snoopable data or not. Encrypted streams however tend to be slower - not because of bandwidth issues, but because of the nature of encrypting and decrypting.

Also, open port... Just because a port is played with doesn't mean it'll do anything. The most anyone could see is that it's a VPN port to a router, should the router even IDENT. VPN port != VNC port on PC.

The best he could hope for in an encrypted session is for a snooper to know where he's connected to, just not what data is being sent. And still his VNC session is protected and eliminated from outsiders.

Prob solved.

edit: you know, this doesn't really sound hackish. There isn't enough evidence to prove anything really. Try some of our suggestions on securing things up a bit more, change some passwords, do a virus scan and be done with it.
Phonics Monkey
QUOTE(adamj @ May 10 2007, 19:33) *

There isn't going to be that much overhead - if any at all. A data session is a data session, whether it's snoopable data or not. Encrypted streams however tend to be slower - not because of bandwidth issues, but because of the nature of encrypting and decrypting.

Huh?! Anything that isn't payload is overhead... When you start adding headers to a packet it doesn't get bigger, the payload just gets that much smaller.

Smaller payload = more packets = more bandwidth. Why else would DES3 be a no-no on a dialup connection? Not-Enough-Bandwidth.

The "work" of encrypting/decrypting can be off-loaded a number of ways, but you still must have a big enough "pipe" so that you can waste a little.

I've seen way too many VPNs (client to gateway and gateway to gateway) go to hell on low bandwidth (e.g. tits up broadband) connections (we're talking 20+ min to get to a desktop), back off on the encryption a bit till the ISP can be convinced that there is a problem and the client can get back to work (or at least half-assed function) till they fix the line.
dkreifus
Well, since I've disabled the port forwarding for my VNC, things have been fine. It's entirely possible it wasn't hacking. I also have my local firewall on now, in addition to my router. I'm not sure how I feel about that, but we'll see.

As for RDC: I did try the 2nd session trick, with no luck. Apparently a lot of people are hating the new client, and I wonder if it was something else besides the client that got updated to cause it.
I got the new client in January, which is about the time the problem started happening.

So... I uninstalled it, and I'll see how it pans out. I've been a bit busy lately, so I haven't had time to experiment much.

Also, I'll be switching to Vista shortly. I just need to locate Vista compatible apps, and take the time to wipe my machine.
Phonics Monkey
Which apps (or what type of apps) are you looking for? Due to the death of my old puter, I've been forced to make the Vista jump a bit early but it's gone OK so far. I'm running Vista x64 Business Edition.
adamj
QUOTE(Phonics Monkey @ May 11 2007, 03:16) *

QUOTE(adamj @ May 10 2007, 19:33) *

There isn't going to be that much overhead - if any at all. A data session is a data session, whether it's snoopable data or not. Encrypted streams however tend to be slower - not because of bandwidth issues, but because of the nature of encrypting and decrypting.

Huh?! Anything that isn't payload is overhead... When you start adding headers to a packet it doesn't get bigger, the payload just gets that much smaller.

Smaller payload = more packets = more bandwidth. Why else would DES3 be a no-no on a dialup connection? Not-Enough-Bandwidth.

The "work" of encrypting/decrypting can be off-loaded a number of ways, but you still must have a big enough "pipe" so that you can waste a little.

I've seen way too many VPNs (client to gateway and gateway to gateway) go to hell on low bandwidth (e.g. tits up broadband) connections (we're talking 20+ min to get to a desktop), back off on the encryption a bit till the ISP can be convinced that there is a problem and the client can get back to work (or at least half-assed function) till they fix the line.

There is a small overhead per packet - that is correct, but not anything near enough that would call VPN technology a bandwidth killer.

Bandwidth is bandwidth, and if I'm connected to a pipe that can spit out 1.5 and I can download at 6, I'll still get it at 1.5 - no matter what the data content is. Time it takes to download something depends on data size - just like everything else on the internet.

If DK VPN's in to do a VNC session, that's a lot of data being sent, so whether it's encrypted or not, it would be nice to have decent upload speeds from the host machine. If he VPN's in to FTP to a box to grab some docs, you won't notice much at all as far as a "slow down".
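The two positions in the exchange above (Phonics Monkey's "smaller payload = more packets = more bandwidth" and adamj's "the link rate is the link rate, crypto is the slow part") can both be put in numbers. This is an added worked example, not from the thread: it assumes a fixed per-packet encapsulation cost (the 60-byte default is an estimate in the range of IPsec ESP tunnel mode, labelled as assumed) and no fragmentation, and models the transfer as bound by whichever is slower, the link carrying the extra header bytes or the crypto engine.

```python
# Put numbers on the VPN overhead argument: a tunnel adds a fixed number of
# header bytes to every packet, so each packet carries less payload and more
# packets (more bytes on the wire) are needed to move the same data.

IPV4_HDR = 20
TCP_HDR = 20
# Assumed encapsulation cost; roughly what IPsec ESP tunnel mode adds per
# packet (outer IP + ESP header + IV + trailer + ICV). Treat as an estimate.
ASSUMED_TUNNEL_OVERHEAD = 60

def packets_needed(data_bytes, mtu, tunnel_overhead=0):
    """Packets required to carry data_bytes with the given MTU, assuming no
    fragmentation; each packet loses the IP/TCP headers plus the tunnel."""
    payload = mtu - IPV4_HDR - TCP_HDR - tunnel_overhead
    if payload <= 0:
        raise ValueError("MTU too small to carry any payload")
    return -(-data_bytes // payload)  # ceiling division

def wire_bytes(data_bytes, mtu, tunnel_overhead=0):
    """Total bytes on the link: payload plus per-packet headers."""
    n = packets_needed(data_bytes, mtu, tunnel_overhead)
    return data_bytes + n * (IPV4_HDR + TCP_HDR + tunnel_overhead)

def overhead_percent(data_bytes, mtu, tunnel_overhead=ASSUMED_TUNNEL_OVERHEAD):
    """Extra bytes on the wire with the tunnel, relative to the plain case."""
    plain = wire_bytes(data_bytes, mtu)
    tunneled = wire_bytes(data_bytes, mtu, tunnel_overhead)
    return 100.0 * (tunneled - plain) / plain

def transfer_seconds(data_bytes, link_bps, mtu,
                     tunnel_overhead=ASSUMED_TUNNEL_OVERHEAD, crypto_bps=None):
    """Time to move data_bytes: the slower of the link (bytes on the wire)
    and, if given, the crypto engine's throughput in bits per second."""
    link_time = wire_bytes(data_bytes, mtu, tunnel_overhead) * 8 / link_bps
    if crypto_bps is None:
        return link_time
    return max(link_time, data_bytes * 8 / crypto_bps)

if __name__ == "__main__":
    one_mb = 1_000_000
    for mtu in (1500, 576):  # typical broadband vs. classic dial-up MTU
        print(f"MTU {mtu}: {overhead_percent(one_mb, mtu):.1f}% more bytes on the wire")
    # Link-bound vs. crypto-bound on a 1.5 Mbit/s line
    print(f"{transfer_seconds(one_mb, 1_500_000, 1500):.2f} s link-bound")
    print(f"{transfer_seconds(one_mb, 1_500_000, 1500, crypto_bps=800_000):.2f} s crypto-bound")
```

On a 1500-byte MTU the header overhead comes out at a few percent; on a 576-byte dial-up MTU the same tunnel costs roughly three times that share, which is where both posters' experience fits.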