VNC Logs

[hoonu]

Is there a way to pull up VNC logs from a Mac? I have a friend who has been victim to 2 remote attacks and he did not get the IP address unfortunately. The most recent attack came while he was watching TV and they started playing music on his mac and then started browsing spotlight.

In a panic he disconnected them and did not get the IP address except for the first 2 numbers.

Is there a way to pull up any connection logs? Since they are not actively connected, I ruled out Netstat.

Any help would be greatly appreciated. Thanks.

 

[angelwatt]

Console (/Applications/Utilities) stores access to most logs. What VNC server was he using? Different apps store logs in different areas. VNC on its own isn't secure at all due to it transmitting the password in plain text. Access to it should only be turned on when it's needed. Also you can use an SSH tunnel for VNC, which will encrypt transmission that will allow for some more security. For myself, I only need VNC within my network so I block all outside connections.

 

[hoonu]

Console (/Applications/Utilities) stores access to most logs. What VNC server was he using? Different apps store logs in different areas. VNC on its own isn't secure at all due to it transmitting the password in plain text. Access to it should only be turned on when it's needed. Also you can use an SSH tunnel for VNC, which will encrypt transmission that will allow for some more security. For myself, I only need VNC within my network so I block all outside connections.

Thanks for the reply.

He was using the built in screen sharing. He had a VERY weak password. I advised against it many times. I guess he learned his lesson.

We were able to get the IP from his router as it logged the connections but we found the person was located in Romania. I doubt there is little we can do on our end from this point other than securing the system better. I would love to prosecute someone over this tho.

 

[angelwatt]

We were able to get the IP from his router as it logged the connections but we found the person was located in Romania. I doubt there is little we can do on our end from this point other than securing the system better. I would love to prosecute someone over this tho.

Also, there's no telling if that was really his IP. A lot of those people use proxies that hide their actual IP address. It's not worth the effort to try and take legal actions against the person even if they're down the street.

 

[hoonu]

Also, there's no telling if that was really his IP. A lot of those people use proxies that hide their actual IP address. It's not worth the effort to try and take legal actions against the person even if they're down the street.

This definitely wasn't a proxy as I tracked it down to a Counter-Strike user. Silly thing is that he used his real last name as his Steam name. I have hookups at Valve but I wont pull those strings.

I thought about the proxy but as I said, he had been logged on multiple sites using the ip and they all contain the same user and this is over different days.

I would most certainly go after them as this **** has no place on the net. If anything... to scare the **** out of them. If you could only see the skinny pip-squeak.