How do I monitor incoming connections (particularly VNC connections)?

[loudguitars]

I use VNC quite a bit with my PowerBook at home, so I leave the VNC ports open on my firewall and router. This, however, leaves me a touch paranoid about potential malfeasance should someone crack my password, and I was wondering if there's any way to monitor incoming connections from the internet.

Cursory Googling comes up dry, does anyone here have any suggestions?

 

[ChrisA]

I use VNC quite a bit with my PowerBook at home, so I leave the VNC ports open on my firewall and router. This, however, leaves me a touch paranoid about potential malfeasance should someone crack my password, and I was wondering if there's any way to monitor incoming connections from the internet.

Cursory Googling comes up dry, does anyone here have any suggestions?

I use VNC too. Just checked my log files. Some guy on the 12th tried to log in using user "vnc" and no password. My system is set up a little better then that. But it goes to show the treat is real. The server when it starts up has some command line options one of them controls logging. You can set it to be quite verbose if you want

You could simply scan the logs periodically or if more paranoid use a remote syslog server setup to send email on various conditions. I don't go that far on my home system but set up some at work like that. syslog is very configurable (see man syslog.conf

 

[JNB]

I use VNC too. Just checked my log files. Some guy on the 12th tried to log in using user "vnc" and no password. My system is set up a little better then that. But it goes to show the treat is real.

Is that why I have cookies on my computer?

Sorry, that was just too easy. You oughta see my typos...

 

[loudguitars]

You could simply scan the logs periodically or if more paranoid use a remote syslog server setup to send email on various conditions. I don't go that far on my home system but set up some at work like that. syslog is very configurable (see man syslog.conf

So, bit of a dumb question, but how exactly does one check said logs? I went to the terminal and typed in syslog, but that didn't show any VNC activity (including my own login via VNC earlier today).

 

[M2y2Kel]

So, bit of a dumb question, but how exactly does one check said logs? I went to the terminal and typed in syslog, but that didn't show any VNC activity (including my own login via VNC earlier today).

http://www.realvnc.com/support/serverlog.html

 

[DoFoT9]

http://www.realvnc.com/support/serverlog.html

and on a mac??

 

[Plusbits]

Try Little Snitch
Don't personally use it myself, but it seems the best from what I've read and heard

 

[boast]

and on a mac??

scroll

 

[jzuena]

I use VNC quite a bit with my PowerBook at home, so I leave the VNC ports open on my firewall and router. This, however, leaves me a touch paranoid about potential malfeasance should someone crack my password, and I was wondering if there's any way to monitor incoming connections from the internet.

Cursory Googling comes up dry, does anyone here have any suggestions?

What VNC server are you using? If it is Vines, it already logs to ~/Library/Logs/VineServer.log, so you can monitor that file through the Console utility.

If you have a consumer firewall/router it should allow outbound connections from your machine to the Internet on port 5901 already, so I assume this is to allow you to get to your machine from the outside? If so, you might want to look into using ssh to connect to your computer from the Internet and then tunnel the VNC through ssh. In addition to encrypting everything, ssh can use additional authentication methods than just simple passwords. You can create public keypairs for free and bring your private key along on a USB memory stick. You can then log all ssh connections through syslog (default location is /var/log/auth.log) and monitor that in addition to the VNC connection logs.