I am using uvnc server version 1.2.1.1
Occasionally I have been getting pop ups stating:
Remote Connection
could not connect
followed by an ip address which changes
My setup is configured to display a query window upon an incoming connection but this window does not pop up. It does pop up when i connect via normal channels.
Is this message a sign of some form of back door attempt or something else?
thanks for any advice and information
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Hack or bug?
-
Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: Hack or bug?
That's a connection from a non "rfb protocol" device, Like a port scanner.
Vnc disconnect all non rfb connections, but give this popup.
This is before we check if the ip is allow a connection ( query popup or blacklisted ip)
The popup is only needed when vnc make an outgoing connection and fail.
In that case the rfb fail indicate a bad connection.
For incoming connections, vnc just need to ignore non rfb connections... yes it's a bug.
But still, it indicate that that ip address scan the vnc port on your pc.
Will be disabled in next update
Current Order
1) non rfb -> disconnect -> balloon indication
2) blacklist-> disconnect
3) check if query popup is required --> show popup
Vnc disconnect all non rfb connections, but give this popup.
This is before we check if the ip is allow a connection ( query popup or blacklisted ip)
The popup is only needed when vnc make an outgoing connection and fail.
In that case the rfb fail indicate a bad connection.
For incoming connections, vnc just need to ignore non rfb connections... yes it's a bug.
But still, it indicate that that ip address scan the vnc port on your pc.
Will be disabled in next update
Current Order
1) non rfb -> disconnect -> balloon indication
2) blacklist-> disconnect
3) check if query popup is required --> show popup
Re: Hack or bug?
Thanks Rudi,
This event caused me to take a furthe look at the logs. I noticed areference that looked like:
Wed Aug 31 09:08:58 2016
vncproperties.cpp : enddialog (OK)
--This security ID may not be assigned as the owner of this object.
vncproperties.cpp : dialog result = 1
c:\users\rudi\desktop\ultravnc_1211\winvnc\winvnc\vncpasswd.h : PASSWD : ToText called
I was wondering who rudi was, can I assume it was you and hardcoded somewhere in the compilation.
This event caused me to take a furthe look at the logs. I noticed areference that looked like:
Wed Aug 31 09:08:58 2016
vncproperties.cpp : enddialog (OK)
--This security ID may not be assigned as the owner of this object.
vncproperties.cpp : dialog result = 1
c:\users\rudi\desktop\ultravnc_1211\winvnc\winvnc\vncpasswd.h : PASSWD : ToText called
I was wondering who rudi was, can I assume it was you and hardcoded somewhere in the compilation.
-
Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: Hack or bug?
c:\users\rudi\desktop\ultravnc_1211\winvnc\winvnc\vncpasswd.h
Is the path of a sourcefile, and yep it's on my desktop.
We generate a debug file during compilation, this allow us to analyse a crash dump.
Looks like the compiler add the actual path to find the debug lib.
Is the path of a sourcefile, and yep it's on my desktop.
We generate a debug file during compilation, this allow us to analyse a crash dump.
Looks like the compiler add the actual path to find the debug lib.
Re: Hack or bug?
It may be a bit offtopic, but I get this ballon too on server, when the network connection is lost in the middle of a connection attempt from the viewer.