dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
573
share rss forum feed

highwire2007

join:2008-05-17
Nepean, ON

Slow upload speeds

I guess I can't blame TekSavvy for this one:

I had thousands of these in my logs on Dec. 8:

Dec 8 18:45:06 Mac-mini-2006 /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer[89732]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 203.211.146.32 :: Type: VNC DES
Dec 8 18:45:43: --- last message repeated 43 times ---
Dec 8 18:45:51 Mac-mini-2006 /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer[89732]: Authentication: FAILED :: User Name: N/A :: Viewer Address: 203.211.146.32 :: Type: VNC DES
Dec 8 18:46:27: --- last message repeated 47 times ---


Somebody from Singapore is really motivated to access this computer. This reinforces the advice to use a really strong password and keep those security updates current on any computer that faces the internet.


squircle

join:2009-06-23
Oakville, ON
Don't flatter yourself, it's not just your computer. I have gigabytes of logs from people all around the world trying to access my machines; my mail logs show that I send about 27 emails a day to abuse@ addresses (which are triggered when there are >15 login attempts). I've even had to send a few to Teksavvy, I guess a few people fell prey to various infections and were SSH probing.

But you're totally right, don't use passwords (for things that can use key-based authentication) and keep up-to-date. FWIW, Singapore is only about 3% of the traffic to my SSH daemons, most of it is Korea, China and the 'States.

Here's something you may want to try so you don't have to rely on passwords/exposed VNC: you could always set up Apple's VNC viewer to listen on localhost only, open a SSH tunnel from your remote computer and connect to vnc://localhost:12345. Just a thought.


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..
reply to highwire2007
1) How is this related to slow upload speeds?

2) Change default port + random password and you will be fine.

3) Most of my SSH probs come from China + Russia, but fail2ban handles those perfectly. Only really monitor my servers but I wonder if people's home PCs behind consumer routers are also constantly being probbed too...I'd assume so but I never check my home linux or os x logs....
--
www.613websites.com Budget Canadian Web Design and Hosting

highwire2007

join:2008-05-17
Nepean, ON

2 edits
I was getting hundreds of probes per minute- that's how it affected my upload speed - because, you know, my computer is RESPONDING to the probes with login screens and so on. I know, I know, you're going to tell me why I'm wrong. You guys always do.

Not quite a denial of service, but getting there. This lasted a good couple of hours, during which I noticed my upload was crawling, which is why I checked my logs.

I do have SSH + socks already set up for VPNing from work, so it should be pretty simple to add VNC to that.


jmck
formerly 'shaded'

join:2010-10-02
Ottawa, ON
if you turn on the require password in the settings under sharing in system prefs then your VNC server won't actually send any bits related to the video unless it has a valid password.


d4m1r

join:2011-08-25
Reviews:
·Start Communicat..
reply to highwire2007
No, now it makes sense but you didn't specify that at first.

Also, it would have to be many probs a second and your upload would have to be really low (under 1mb?) but I see how it could be possible to bump you offline.
--
www.613websites.com Budget Canadian Web Design and Hosting