Hello,
I have UltraVNC 1.2.0.1 (guess installed just recently) running on my machine. In addition I have the Comodo Firewall installed.
I have been using UltraVNC for a long time .. but today, for the first time, I got a message from my Comodo that there is an incoming connection from the net to my Winvnc.
The source is IP 82.14.71.157.
I did a tracert on this one with the following result:
tracert 82.14.71.157
Routenverfolgung zu cpc14-pete9-2-0-cust156.4-4.cable.virginm.net [82.14.71.157] über maximal 30 Abschnitte:
1 1 ms <1 ms 1 ms fritz.box [192.168.178.1]
2 1 ms 1 ms 1 ms 192.168.1.1
14 30 ms 30 ms 30 ms s-eb6-i.S.DE.NET.DTAG.DE [62.154.23.10]
15 59 ms 45 ms 35 ms f-ed4-i.F.DE.NET.DTAG.DE [62.154.14.210]
16 33 ms 32 ms 53 ms 80.150.169.146
17 56 ms 54 ms 45 ms ae0-xcr1.amd.cw.net [195.2.28.29]
18 54 ms 53 ms 58 ms ae8-xcr1.lsw.cw.net [195.2.25.93]
19 76 ms 54 ms 51 ms virginmedia-gw1.lsw.cw.net [166.63.211.130]
20 63 ms 51 ms 47 ms popl-bb-2a-ae3-0.network.virginmedia.net [62.254.42.93]
21 78 ms 54 ms 49 ms popl-bb-1b-ae0-0.network.virginmedia.net [62.254.42.90]
22 55 ms 57 ms 54 ms pete-core-2b-ae0-0.network.virginmedia.net [62.253.175.141]
23 83 ms 68 ms 68 ms pete-cmts-09-tenge010.network.virginmedia.net [80.3.130.70]
24 181 ms 155 ms 170 ms cpc14-pete9-2-0-cust156.4-4.cable.virginm.net [82.14.71.157]
Now I'm very much concerned that my VNC is compromised ..
Has anybody seen a similar connection?
Who is pete9 ????
Thanks for any feedback ..
Hermann
Celebrating the 22nd anniversary of UltraVNC: https://forum.uvnc.com/viewtopic.php?t=38031
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to the latest version before creating a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Bluesky/AT Protocol: https://bsky.app/profile/ultravnc.bsky.social
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
incoming connection to Winvnc .. is my VNC compromised ?
- Rudi De Vos
- Admin & Developer
- Posts: 6867
- Joined: 2004-04-23 10:21
- Contact:
Re: incoming connection to Winvnc .. is my VNC compromised ?
Thanks for the feedback ..
Oh my god:
29/6/2014 18:51 Invalid attempt from client 74.40.17.18
29/6/2014 19:18 Invalid attempt from client 74.40.17.18
29/6/2014 19:31 Invalid attempt from client 194.146.132.130
29/6/2014 19:45 Invalid attempt from client 74.40.17.18
29/6/2014 19:49 Invalid attempt from client 74.85.24.170
29/6/2014 20:11 Invalid attempt from client 74.40.17.18
29/6/2014 20:38 Invalid attempt from client 74.40.17.18
29/6/2014 21:05 Invalid attempt from client 74.40.17.18
29/6/2014 21:11 Invalid attempt from client 74.85.24.170
29/6/2014 21:32 Invalid attempt from client 74.40.17.18
29/6/2014 21:59 Invalid attempt from client 74.40.17.18
29/6/2014 22:26 Invalid attempt from client 74.40.17.18
29/6/2014 22:33 Invalid attempt from client 74.85.24.170
29/6/2014 22:53 Invalid attempt from client 74.40.17.18
29/6/2014 23:20 Invalid attempt from client 74.40.17.18
30/6/2014 7:50 Invalid attempt from client 74.40.17.18
30/6/2014 8:08 Invalid attempt from client 74.85.24.170
30/6/2014 8:17 Invalid attempt from client 74.40.17.18
30/6/2014 8:43 Invalid attempt from client 74.40.17.18
30/6/2014 9:09 Invalid attempt from client 74.40.17.18
30/6/2014 9:28 Invalid attempt from client 74.85.24.170
30/6/2014 9:35 Invalid attempt from client 74.40.17.18
30/6/2014 10:01 Invalid attempt from client 74.40.17.18
30/6/2014 10:28 Invalid attempt from client 74.40.17.18
30/6/2014 10:47 Invalid attempt from client 74.85.24.170
30/6/2014 10:54 Invalid attempt from client 74.40.17.18
30/6/2014 11:20 Invalid attempt from client 74.40.17.18
30/6/2014 11:47 Invalid attempt from client 74.40.17.18
30/6/2014 12:06 Invalid attempt from client 74.85.24.170
30/6/2014 12:13 Invalid attempt from client 74.40.17.18
30/6/2014 12:39 Invalid attempt from client 74.40.17.18
30/6/2014 13:05 Invalid attempt from client 74.40.17.18
30/6/2014 23:30 Invalid attempt from client 85.94.104.233
28/7/2014 11:58 Invalid attempt from client 74.117.184.1
28/7/2014 14:27 Invalid attempt from client 74.117.184.1
28/7/2014 16:54 Invalid attempt from client 74.117.184.1
7/8/2014 9:10 Invalid attempt from client 197.248.96.194
7/8/2014 9:52 Invalid attempt from client 197.248.96.194
7/8/2014 10:34 Invalid attempt from client 197.248.96.194
7/8/2014 11:17 Invalid attempt from client 197.248.96.194
7/8/2014 11:59 Invalid attempt from client 197.248.96.194
7/8/2014 12:42 Invalid attempt from client 197.248.96.194
7/8/2014 14:11 Invalid attempt from client 197.248.96.194
7/8/2014 15:38 Invalid attempt from client 197.248.96.194
7/8/2014 17:03 Invalid attempt from client 197.248.96.194
7/8/2014 18:33 Invalid attempt from client 197.248.96.194
7/8/2014 19:59 Invalid attempt from client 197.248.96.194
8/8/2014 11:12 Invalid attempt from client 80.82.78.170
9/8/2014 11:20 Invalid attempt from client 80.82.78.170
9/8/2014 20:25 Invalid attempt from client 80.82.78.170
10/8/2014 11:46 Invalid attempt from client 80.82.78.170
10/8/2014 14:48 Invalid attempt from client 80.82.78.170
11/8/2014 9:03 Invalid attempt from client 80.82.78.170
11/8/2014 12:06 Invalid attempt from client 80.82.78.170
11/8/2014 14:10 Invalid attempt from client 23.227.196.20
11/8/2014 14:40 Invalid attempt from client 23.227.196.20
11/8/2014 15:08 Invalid attempt from client 80.82.78.170
11/8/2014 15:18 Invalid attempt from client 23.227.196.20
11/8/2014 15:38 Invalid attempt from client 23.227.196.20
11/8/2014 15:46 Invalid attempt from client 23.227.196.20
11/8/2014 15:53 Invalid attempt from client 23.227.196.20
11/8/2014 16:01 Invalid attempt from client 23.227.196.20
11/8/2014 16:09 Invalid attempt from client 23.227.196.20
11/8/2014 16:24 Invalid attempt from client 23.227.196.20
11/8/2014 16:39 Invalid attempt from client 23.227.196.20
11/8/2014 16:55 Invalid attempt from client 23.227.196.20
11/8/2014 17:11 Invalid attempt from client 23.227.196.20
11/8/2014 17:27 Invalid attempt from client 23.227.196.20
11/8/2014 17:42 Invalid attempt from client 23.227.196.20
11/8/2014 17:58 Invalid attempt from client 23.227.196.20
11/8/2014 18:10 Invalid attempt from client 80.82.78.170
11/8/2014 18:21 Invalid attempt from client 23.227.196.20
11/8/2014 18:37 Invalid attempt from client 23.227.196.20
11/8/2014 18:52 Invalid attempt from client 23.227.196.20
11/8/2014 19:08 Invalid attempt from client 23.227.196.20
11/8/2014 19:24 Invalid attempt from client 23.227.196.20
11/8/2014 19:40 Invalid attempt from client 23.227.196.20
11/8/2014 19:55 Invalid attempt from client 23.227.196.20
11/8/2014 20:11 Invalid attempt from client 23.227.196.20
11/8/2014 20:27 Invalid attempt from client 23.227.196.20
11/8/2014 20:43 Invalid attempt from client 23.227.196.20
11/8/2014 20:59 Invalid attempt from client 23.227.196.20
11/8/2014 21:12 Invalid attempt from client 80.82.78.170
11/8/2014 21:23 Invalid attempt from client 23.227.196.20
11/8/2014 21:31 Invalid attempt from client 85.196.133.126
11/8/2014 21:31 Invalid attempt from client 23.227.196.20
11/8/2014 21:32 Invalid attempt from client 85.196.133.126
11/8/2014 21:33 Invalid attempt from client 85.196.133.126
11/8/2014 21:34 Invalid attempt from client 85.196.133.126
11/8/2014 21:35 Invalid attempt from client 85.196.133.126
11/8/2014 21:35 Invalid attempt from client 85.196.133.126
11/8/2014 21:36 Invalid attempt from client 85.196.133.126
11/8/2014 21:38 Invalid attempt from client 85.196.133.126
11/8/2014 21:40 Invalid attempt from client 23.227.196.20
11/8/2014 21:41 Invalid attempt from client 85.196.133.126
11/8/2014 21:44 Invalid attempt from client 85.196.133.126
11/8/2014 21:45 Invalid attempt from client 85.196.133.126
11/8/2014 21:47 Invalid attempt from client 85.196.133.126
11/8/2014 21:48 Invalid attempt from client 23.227.196.20
11/8/2014 21:48 Invalid attempt from client 85.196.133.126
11/8/2014 21:49 Invalid attempt from client 85.196.133.126
11/8/2014 21:50 Invalid attempt from client 85.196.133.126
11/8/2014 21:50 Invalid attempt from client 85.196.133.126
11/8/2014 21:51 Invalid attempt from client 85.196.133.126
11/8/2014 21:52 Invalid attempt from client 85.196.133.126
11/8/2014 21:54 Invalid attempt from client 85.196.133.126
11/8/2014 21:56 Invalid attempt from client 85.196.133.126
11/8/2014 21:56 Invalid attempt from client 23.227.196.20
11/8/2014 21:56 Invalid attempt from client 85.196.133.126
11/8/2014 21:57 Invalid attempt from client 85.196.133.126
11/8/2014 22:04 Invalid attempt from client 23.227.196.20
11/8/2014 22:12 Invalid attempt from client 23.227.196.20
11/8/2014 22:20 Invalid attempt from client 23.227.196.20
11/8/2014 22:28 Invalid attempt from client 23.227.196.20
11/8/2014 22:36 Invalid attempt from client 23.227.196.20
12/8/2014 19:00 Invalid attempt from client 80.82.78.170
12/8/2014 22:02 Invalid attempt from client 80.82.78.170
13/8/2014 10:07 Invalid attempt from client 80.82.78.170
13/8/2014 13:10 Invalid attempt from client 80.82.78.170
15/8/2014 18:52 Invalid attempt from client 223.4.150.157
16/8/2014 10:39 Invalid attempt from client 121.14.143.157
Guess I should change my port setting ???
Any other idea ?
Is this normal ????
What to look for in the Windows event log ?
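As an added example (not part of the original post and not UltraVNC code): a short Python script that groups log lines in the format quoted above by source address and reports the attempt count, the typical interval between attempts and any short burst. The sample lines are constructed with documentation addresses, and the function names and burst thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Line format as quoted in the post: "D/M/YYYY H:MM Invalid attempt from client <IPv4>"
LINE_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}) "
    r"Invalid attempt from client (\d{1,3}(?:\.\d{1,3}){3})$"
)

# Constructed sample using RFC 5737 documentation addresses (not the poster's log).
SAMPLE_LOG = """\
29/6/2014 18:51 Invalid attempt from client 203.0.113.18
29/6/2014 19:18 Invalid attempt from client 203.0.113.18
29/6/2014 19:45 Invalid attempt from client 203.0.113.18
29/6/2014 20:11 Invalid attempt from client 203.0.113.18
11/8/2014 21:31 Invalid attempt from client 198.51.100.126
11/8/2014 21:32 Invalid attempt from client 198.51.100.126
11/8/2014 21:33 Invalid attempt from client 198.51.100.126
11/8/2014 21:34 Invalid attempt from client 198.51.100.126
11/8/2014 21:35 Invalid attempt from client 198.51.100.126
11/8/2014 21:36 Invalid attempt from client 198.51.100.126
15/8/2014 18:52 Invalid attempt from client 192.0.2.157
"""

def parse(text):
    """Return {ip: sorted list of datetimes}; lines that do not match are skipped."""
    seen = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            seen[m.group(2)].append(datetime.strptime(m.group(1), "%d/%m/%Y %H:%M"))
    return {ip: sorted(ts) for ip, ts in seen.items()}

def summarize(text, burst_window_min=10, burst_count=5):
    """Per source: attempt count, median gap in minutes, and a burst flag."""
    report = {}
    for ip, ts in parse(text).items():
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(ts, ts[1:])]
        # Burst: burst_count attempts that all fall inside burst_window_min minutes.
        burst = any(
            (ts[i + burst_count - 1] - ts[i]).total_seconds() / 60 <= burst_window_min
            for i in range(len(ts) - burst_count + 1)
        )
        report[ip] = {
            "attempts": len(ts),
            "median_gap_min": median(gaps) if gaps else None,
            "burst": burst,
        }
    return report

if __name__ == "__main__":
    for ip, r in sorted(summarize(SAMPLE_LOG).items(), key=lambda kv: -kv[1]["attempts"]):
        print(f"{ip:16} attempts={r['attempts']:3} "
              f"median_gap_min={r['median_gap_min']} burst={r['burst']}")
```

A steady median gap with no burst points to a slow automated scanner, while a burst flag marks rapid password guessing from one source.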
- Rudi De Vos
- Admin & Developer
- Posts: 6867
- Joined: 2004-04-23 10:21
- Contact:
Re: incoming connection to Winvnc .. is my VNC compromised ?
Use the encryption plugins... especially when you are directly connected to the internet.
Using the plugins you can set a longer password or use a predefined key.
(Both server + viewer need to have the same key)
There is nothing you can do to prevent people from trying to access your system.
If you have RDP.... you see about 50/min people trying to access your system.
The only thing you can do is to make sure your password is big enough or use an extra key.
Re: incoming connection to Winvnc .. is my VNC compromised ?
Hi Rudi,
Thanks for the hints ..
I have two routers (due to current Internet setup), but both are configured via port forwarding.
Normally I have configured some "Slaves" for VNC access with the encryption plugins .. but the master was without ..
Guess this is daily business these days
Any chance to avoid these scans (but still allowing me to connect via internet ..) ?
Hermann
Re: incoming connection to Winvnc .. is my VNC compromised ?
Hello,
I made a fresh install, but I don't find a mslogon.log in this directory.
Any idea where this would be stored, or why it's not generated ?
Thanks and regards
Hermann
- Rudi De Vos
- Admin & Developer
- Posts: 6867
- Joined: 2004-04-23 10:21
- Contact:
Re: incoming connection to Winvnc .. is my VNC compromised ?
logging.dll is required in the same folder as winvnc.exe