vncserver

[Rick Stevens]

Stewart Walker wrote:
>>  Are you simply referring to attempts on the port or actual vnc login
>>  attempts that fail?
> 
> looks lie actual vnc login attempts to me. Haven't been watching the port.
> ..
> 
> /var/log/samba/*.log files
> 
> every connection attempt leaves a log file with the client name or ip 
> address.
> 
> file contents will contain status of the connection or any errors generated.

Wait, you asked about vnc login attempts not samba attempts.  Which are
we dealing with here?

I think vnc logins are logged in /var/log/messages or /var/log/secure.
You can also check the "lastlog" command.  Samba attempts are where you
think they are (/var/log/samba).

Note that if you're not behind a firewall that blocks outside access to
your samba shares, you're asking for hack attempts and that may be what
you're seeing.

That's how a massive number of zombie machines are created and used in a
DDOS attack--by stupid people sharing files under Windows and letting
just anyone access them.

If you're going to use any file sharing at all (Samba, NFS, whatever),
set up a firewall with strict rules about who's allowed to do what.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-           Vegetarian:  Old Indian word for "lousy hunter"          -
----------------------------------------------------------------------