School blocked me out because of Remote Desktop!!!

Discussion in 'Mac Apps and Mac App Store' started by ZeeG, Jul 21, 2006.

  1. ZeeG macrumors member

    May 24, 2005
    I've got a message from my school this morning saying that they removed my machine from the network because they found inappropriate traffics from my machine. At first, I thouhgt my machine (MacBook Pro) has been hacked or something.

    Later, I realized that I used "Remote Desktop 3" this morning.
    However, the problem was, I hit the "Scanner" by mistake, and it scanned the machines in the network for few minutes - according to their data, for about a minute. I never used the "scanner" until today because I didn't need to. :(

    Anyway, after finding the problem, I emailed them saying that it was the scanner function in the Apple Remote Desktop 3 and there is no way to turn it off as far as I know. And also said I will not use it anymore and I think it is not dangerous function, I believe...

    After that the guy replied as follow..
    "... We do not *know* with any cetainty that you might not turn evil and attempt to connect to other computers on the network, nor that your computer is and always will be secure. We cannot tell if your particular traffic is innocuous or malicous in nature until or unless something happens...."
    And they will not reactive my network connection until I turn off the scanner function.

    Isn't it stupid? How to reply to them? Is there any way to turn off the scanner function?
  2. XNine macrumors 68040


    Apr 7, 2005
    Why are you wearing that stupid man suit?
    What are you using ARD3 for any way at a school? You do know that ARD can control more than just other Mac machines, right?

    They have rules like this because there are so many people who port scan. Think they can make an acception for one student? How about 2? Or 5? Why not let everyone on campus get away with doing it? Because these schools have lost MILLIONS of identities, school records, and anything else you can think of because of hackers and script kiddies.

    If you need to use it then get off their network.
  3. ZeeG thread starter macrumors member

    May 24, 2005
    Wow, aggressive. Is there any reason for being aggressive like that?
    OK, I use ARD because I have three servers to control.
    Two of them are in campus and the other one is out of my campus.
    Plus, I'm taking care of my mom's computer since she is not very good at computer maintenance. Did I answer to your curiousty?
  4. SC68Cal macrumors 68000

    Feb 23, 2006
    Well, it is your fault for port scanning the entire network. I mean really, did you just think that they wouldn't spot something like that?

    Port scanning these days is not really such a wise idea, most of the time there is very little reason for legitimate port scanning, compared to the number of times it is abused.

    Do yourself a favor, just use SSH connections from now on.

    EDIT: Onizuka, finally remembered why your Avatar looks so familiar. Hau Ruck son.
  5. theBB macrumors 68020


    Jan 3, 2006
  6. yellow Moderator emeritus


    Oct 21, 2003
    Portland, OR
    I can see it from both sides.. you made a mistake. It's lame that you get punished so severely for it.
    From their standpoint, just because you SAY it's a mistake doesn't mean anything and they have to protect their neck.

    FWIW, there's a couple things you can do.

    In ARD(2), a subnet scanner poles on UDP 3283, and (apparently) ICMP (there's no ports associated with ICMP) as well. So you can try to block OUTGOING 3283UDP and all out ICMP traffic. This shouldn't effect any real functionality, other than being totally unable to ping computers (and not have the subnet scanner function). This should effectively "turn off" the subnet scanner.

    And/Or, you can get yourself a router and put it between your Mac and your Uni network. That way you'll be pulling a private IP from the DHCP pool on the router and if you accidently scan the subnet, it SHOULD stay within the private subnet of the router. I say should because I can only test with ARD2.x. Again, this should effectively "turn off" the subnet scanner.
  7. ZeeG thread starter macrumors member

    May 24, 2005
    It is resolved somehow.
    They took a look at the software and finally found the scanning function is not dangerous.
    Using VNC is a good solution, and actually I used it long time ago, but it isn't it natural to use the one with better performance and more convenient?
    And SSH is not just a replacement for remote desktop. I'm also using SSH.
  8. ZeeG thread starter macrumors member

    May 24, 2005
    Thanks for your advice. I think this is the only solution for the problem.
  9. XNine macrumors 68040


    Apr 7, 2005
    Why are you wearing that stupid man suit?
    Sorry, but I'm blunt. I wasn't trying to be offensive. It's just that universities tend to be extremely strict these days with technology, mainly because they hire brain-dead IT techs who think MSCE is the end-all be-all of IT degrees.

    I know it was an accident but those kinds of accidents cause more trouble for you.
  10. ITASOR macrumors 601


    Mar 20, 2005
    At least you know they actually monitor their network and are keeping track of what's going on. That's always a good thing.
  11. SC68Cal macrumors 68000

    Feb 23, 2006
    Well. I do agree with your viewpoint about MSCE, however, even I get slightly unsettled when someone is port scanning the network, usually because normal users have no clue what it is let alone how to do it, and the ones that do know how to use it usually are doing it for questionable purposes.

    Don't forget all the "owned" zombie networks and boxes out there, all they do is port scans looking for targets.

Share This Page