General discussion

Locked

VNC

By jhayesit ·
Hello guys,

I am the Network Admin for a middle school and i use VNC
3.3.4 to connect to all desktops. Recently i had a student connect
to one of the teacher desktop through VNC and delete some files,
I do have a password to connect but i think he cracked it. Anyways what
i am trying to find out is, is there any way i can find out on VNC (teacher computer) who was the
last person connecting to that teacher computer? like ip address or hardware address etc? I want to track what computer they did it from, and also the student who did it.
any other suggestions will be really helpful.

thank you ,

jh

This conversation is currently closed to new comments.

5 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

VNC

by acattr In reply to VNC

no logging on the server side of vnc yet. But you have two options. If you have XP on the machine, enable the "internet connection firewall" option on the NIC properties. allow incoming connections for vnc by adding a service on port 5190. also enable the logging option.

If they are not running xp, you have two other options.

1. You can find a utility to monitor the computer, ex. http://tinyurl.com/7dec

2. if all else fails, I would run a command prompt, and run "netstat 30 > c:\log.txt". When you finish logging, press control-c. It will log every single incoming and outgoing connection every 30 seconds to c:\log.txt. if you put it in a script you can use the @echo off, so the command is not shown on screen. Example log.bat
>>>
@echo off
netstat 30 > c:\log.txt
>>>

Collapse -

VNC

by jhayesit In reply to VNC

Poster rated this answer

Collapse -

VNC

by WhW In reply to VNC

To prevent further breaches, I'd recommend installing a firewall on teacher pc's (several are availble freely) and configure it allow VNC only from a specific ip or range of ip's. As a bonus it would also provide the "logging" ability your looking for with considerally less "noise" than the netstat option. Using netstat, your logs will would grow very large, very quickly. Sorry, but I can't think of anything retro-active to help you catch your "hacker" unless perchance there might be something in the eventlog, but assumes your running an NT-based .

Collapse -

VNC

by jhayesit In reply to VNC

Poster rated this answer

Collapse -

VNC

by jhayesit In reply to VNC

This question was closed by the author

Back to Security Forum
5 total posts (Page 1 of 1)  

Related Discussions

Related Forums