How do I monitor incoming connections (particularly VNC connections)?

Discussion in 'Mac Apps and Mac App Store' started by loudguitars, Apr 18, 2007.

  1. loudguitars macrumors member

    Nov 3, 2004
    I use VNC quite a bit with my PowerBook at home, so I leave the VNC ports open on my firewall and router. This, however, leaves me a touch paranoid about potential malfeasance should someone crack my password, and I was wondering if there's any way to monitor incoming connections from the internet.

    Cursory Googling comes up dry, does anyone here have any suggestions?
  2. ChrisA macrumors G4

    Jan 5, 2006
    Redondo Beach, California
    I use VNC too. Just checked my log files. Some guy on the 12th tried to log in using user "vnc" and no password. My system is set up a little better then that. But it goes to show the treat is real. The server when it starts up has some command line options one of them controls logging. You can set it to be quite verbose if you want

    You could simply scan the logs periodically or if more paranoid use a remote syslog server setup to send email on various conditions. I don't go that far on my home system but set up some at work like that. syslog is very configurable (see man syslog.conf
  3. JNB macrumors 604


    Oct 7, 2004
    In a Hell predominately of my own making
    Is that why I have cookies on my computer? :p

    Sorry, that was just too easy. You oughta see my typos...
  4. loudguitars thread starter macrumors member

    Nov 3, 2004
    So, bit of a dumb question, but how exactly does one check said logs? I went to the terminal and typed in syslog, but that didn't show any VNC activity (including my own login via VNC earlier today).
  5. M2y2Kel macrumors newbie

    May 8, 2008
  6. DoFoT9 macrumors P6


    Jun 11, 2007
  7. Plusbits macrumors member


    May 4, 2008
    Birmingham, UK
    Try Little Snitch
    Don't personally use it myself, but it seems the best from what I've read and heard
  8. boast macrumors 65816


    Nov 12, 2007
    Phoenix, USA
  9. jzuena macrumors 6502a


    Feb 21, 2007
    Lexington, MA, USA
    What VNC server are you using? If it is Vines, it already logs to ~/Library/Logs/VineServer.log, so you can monitor that file through the Console utility.

    If you have a consumer firewall/router it should allow outbound connections from your machine to the Internet on port 5901 already, so I assume this is to allow you to get to your machine from the outside? If so, you might want to look into using ssh to connect to your computer from the Internet and then tunnel the VNC through ssh. In addition to encrypting everything, ssh can use additional authentication methods than just simple passwords. You can create public keypairs for free and bring your private key along on a USB memory stick. You can then log all ssh connections through syslog (default location is /var/log/auth.log) and monitor that in addition to the VNC connection logs.

Share This Page