vncserver
Rick Stevens
rstevens at vitalstream.com
Fri Apr 30 18:52:41 UTC 2004
Stewart Walker wrote:
>> Are you simply referring to attempts on the port or actual vnc login
>> attempts that fail?
>
> looks lie actual vnc login attempts to me. Haven't been watching the port.
> ..
>
> /var/log/samba/*.log files
>
> every connection attempt leaves a log file with the client name or ip
> address.
>
> file contents will contain status of the connection or any errors generated.
Wait, you asked about vnc login attempts not samba attempts. Which are
we dealing with here?
I think vnc logins are logged in /var/log/messages or /var/log/secure.
You can also check the "lastlog" command. Samba attempts are where you
think they are (/var/log/samba).
Note that if you're not behind a firewall that blocks outside access to
your samba shares, you're asking for hack attempts and that may be what
you're seeing.
That's how a massive number of zombie machines are created and used in a
DDOS attack--by stupid people sharing files under Windows and letting
just anyone access them.
If you're going to use any file sharing at all (Samba, NFS, whatever),
set up a firewall with strict rules about who's allowed to do what.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer rstevens at vitalstream.com -
- VitalStream, Inc. http://www.vitalstream.com -
- -
- Vegetarian: Old Indian word for "lousy hunter" -
----------------------------------------------------------------------
More information about the Redhat-install-list
mailing list