主页 / ubuntu / 问题 / 1067305
Accepted
Tim
Asked: 2018-08-21 13:56:53 +0800 CST

我的 Vino 服务器是否受到攻击?

  • 772

我在 LUbuntu 18.04 上安装了 vino,并根据https://askubuntu.com/a/530196/1471配置并启动了我的 vino 服务器,但不了解这些命令的含义:

$ export DISPLAY=:0
$ gsettings set org.gnome.Vino enabled true # although fails, it doesn't matter
No such key “enabled”
$ gsettings set org.gnome.Vino prompt-enabled false
$ gsettings set org.gnome.Vino require-encryption false    
$ /usr/lib/vino/vino-server

从和启动服务器的输出消息中,我发现服务器的内部ip是192.168.1.3,端口是5900。我在同一个WIFI网络内从我的Android手机上的RealVNC的VNC查看器ifconfig连接到服务器,并且认证我只是要求提供的是登录我的 Ubuntu 的密码。我们的wifi网络是前一个租户搭建的,ISP是Verizon FIOS,没有特别设置。

在服务器的监控输出信息中(见下图),我只能猜到android-c28b29b650f6548c.home是我安卓手机上的客户端,但我不知道客户端、、、46.101.184.149和属于谁,除了发现以下内容zg-0817a-64.stretchoid.com196.52.43.118scan-06.shadowserver.org

问题:

  • 我的vino服务器正在从我的android手机上的客户端以外的一些危险客户端访问是否正确?

  • 我没有尝试明确地做任何事情来使我的 vino 服务器可用于 Internet(或者我不知道我这样做了),那么这些客户端如何从 Internet 找到并连接我的服务器?

  • 我如何检查我的 Ubuntu 以查看它们是否造成了一些损坏?

  • 如有必要,我可以做些什么来安全地使用我的 VNC 服务器?

谢谢。

$ /usr/lib/vino/vino-server

(vino-server:32529): dbind-WARNING **: 19:44:12.185: Error retrieving accessibility bus address: org.freedesktop.DBus.Error.ServiceUnknown: The name org.a11y.Bus was not provided by any .service files
19/08/2018 07:44:12 PM Autoprobing TCP port in (all) network interface
19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
19/08/2018 07:44:12 PM Autoprobing selected port 5900
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Advertising authentication type: 'No Authentication' (1)
19/08/2018 07:44:12 PM Re-binding socket to listen for VNC connections on TCP port 5900 in (all) interface
19/08/2018 07:44:12 PM Listening IPv6://[::]:5900
19/08/2018 07:44:12 PM Listening IPv4://0.0.0.0:5900
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Clearing authTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Advertising authentication type: 'VNC Authentication' (2)
19/08/2018 07:44:12 PM Clearing securityTypes
19/08/2018 07:44:12 PM Clearing authTypes
19/08/2018 07:44:12 PM Advertising security type: 'TLS' (18)
19/08/2018 07:44:12 PM Advertising authentication type: 'VNC Authentication' (2)
19/08/2018 07:44:12 PM Advertising security type: 'VNC Authentication' (2)
19/08/2018 07:44:17 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
19/08/2018 07:44:17 PM   other clients:
19/08/2018 07:44:17 PM Client Protocol Version 3.7
19/08/2018 07:44:17 PM Advertising security type 18
19/08/2018 07:44:17 PM Advertising security type 2
19/08/2018 07:44:17 PM Client returned security type 2

** (vino-server:32529): WARNING **: 19:44:28.888: VNC authentication failure from 'android-c28b29b650f6548c.home'

19/08/2018 07:44:28 PM rfbAuthPasswordChecked: password check failed
19/08/2018 07:44:28 PM Client android-c28b29b650f6548c.home gone
19/08/2018 07:44:28 PM Statistics:
19/08/2018 07:44:28 PM   framebuffer updates 0, rectangles 0, bytes 0
19/08/2018 07:44:30 PM [IPv4] Got connection from client android-c28b29b650f6548c.home
19/08/2018 07:44:30 PM   other clients:
19/08/2018 07:44:30 PM Client Protocol Version 3.7
19/08/2018 07:44:30 PM Advertising security type 18
19/08/2018 07:44:30 PM Advertising security type 2
19/08/2018 07:44:30 PM Client returned security type 2

** (vino-server:32529): WARNING **: 19:44:40.531: Deferring authentication of 'android-c28b29b650f6548c.home' for 5 seconds

19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 22
19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 21
19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type 15
19/08/2018 07:44:45 PM rfbProcessClientNormalMessage: ignoring unknown encoding type -314
19/08/2018 07:44:45 PM Enabling NewFBSize protocol extension for client android-c28b29b650f6548c.home
19/08/2018 07:44:45 PM Pixel format for client android-c28b29b650f6548c.home:
19/08/2018 07:44:45 PM   8 bpp, depth 6
19/08/2018 07:44:45 PM   true colour: max r 3 g 3 b 3, shift r 4 g 2 b 0
19/08/2018 07:44:45 PM Pixel format for client android-c28b29b650f6548c.home:
19/08/2018 07:44:45 PM   32 bpp, depth 24, little endian
19/08/2018 07:44:45 PM   true colour: max r 255 g 255 b 255, shift r 16 g 8 b 0
19/08/2018 07:44:45 PM no translation needed

Gtk-Message: 20:43:41.511: GtkDialog mapped without a transient parent. This is discouraged.
Gtk-Message: 20:43:44.339: GtkDialog mapped without a transient parent. This is discouraged.
Gtk-Message: 20:43:52.072: GtkDialog mapped without a transient parent. This is discouraged.
19/08/2018 10:39:57 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:39:57 PM   other clients:
19/08/2018 10:39:57 PM      android-c28b29b650f6548c.home
19/08/2018 10:39:57 PM Client Protocol Version 3.3

** (vino-server:32529): WARNING **: 22:39:57.238: VNC authentication failure from '46.101.184.149'

19/08/2018 10:39:57 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:39:57 PM Client 46.101.184.149 gone
19/08/2018 10:39:57 PM Statistics:
19/08/2018 10:39:57 PM   framebuffer updates 0, rectangles 0, bytes 0
19/08/2018 10:43:41 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:43:41 PM   other clients:
19/08/2018 10:43:41 PM      android-c28b29b650f6548c.home
19/08/2018 10:43:41 PM Client Protocol Version 3.3

** (vino-server:32529): WARNING **: 22:43:41.812: Deferring authentication of '46.101.184.149' for 5 seconds


** (vino-server:32529): WARNING **: 22:43:47.449: VNC authentication failure from '46.101.184.149'

19/08/2018 10:43:47 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:47:27 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:47:27 PM   other clients:
19/08/2018 10:47:27 PM      46.101.184.149
19/08/2018 10:47:27 PM      android-c28b29b650f6548c.home
19/08/2018 10:47:27 PM Client Protocol Version 3.3

** (vino-server:32529): WARNING **: 22:47:27.692: Deferring authentication of '46.101.184.149' for 5 seconds


** (vino-server:32529): WARNING **: 22:47:32.452: VNC authentication failure from '46.101.184.149'

19/08/2018 10:47:32 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:51:12 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:51:12 PM   other clients:
19/08/2018 10:51:12 PM      46.101.184.149
19/08/2018 10:51:12 PM      46.101.184.149
19/08/2018 10:51:12 PM      android-c28b29b650f6548c.home
19/08/2018 10:51:12 PM Client Protocol Version 3.3

** (vino-server:32529): WARNING **: 22:51:12.833: Deferring authentication of '46.101.184.149' for 5 seconds


** (vino-server:32529): WARNING **: 22:51:18.448: VNC authentication failure from '46.101.184.149'

19/08/2018 10:51:18 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:54:58 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:54:58 PM   other clients:
19/08/2018 10:54:58 PM      46.101.184.149
19/08/2018 10:54:58 PM      46.101.184.149
19/08/2018 10:54:58 PM      46.101.184.149
19/08/2018 10:54:58 PM      android-c28b29b650f6548c.home
19/08/2018 10:54:58 PM Client Protocol Version 3.3

** (vino-server:32529): WARNING **: 22:54:58.339: Deferring authentication of '46.101.184.149' for 5 seconds


** (vino-server:32529): WARNING **: 22:55:03.449: VNC authentication failure from '46.101.184.149'

19/08/2018 10:55:03 PM rfbAuthPasswordChecked: password check failed
19/08/2018 10:58:43 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 10:58:43 PM   other clients:
19/08/2018 10:58:43 PM      46.101.184.149
19/08/2018 10:58:43 PM      46.101.184.149
19/08/2018 10:58:43 PM      46.101.184.149
19/08/2018 10:58:43 PM      46.101.184.149
19/08/2018 10:58:43 PM      android-c28b29b650f6548c.home
19/08/2018 10:58:43 PM Client Protocol Version 3.3

** (vino-server:32529): WARNING **: 22:58:43.756: Deferring authentication of '46.101.184.149' for 5 seconds


** (vino-server:32529): WARNING **: 22:58:49.448: VNC authentication failure from '46.101.184.149'

19/08/2018 10:58:49 PM rfbAuthPasswordChecked: password check failed

19/08/2018 11:02:28 PM [IPv4] Got connection from client 46.101.184.149
19/08/2018 11:02:28 PM   other clients:
19/08/2018 11:02:28 PM      46.101.184.149
19/08/2018 11:02:28 PM      46.101.184.149
19/08/2018 11:02:28 PM      46.101.184.149
19/08/2018 11:02:28 PM      46.101.184.149
19/08/2018 11:02:28 PM      46.101.184.149
19/08/2018 11:02:28 PM      android-c28b29b650f6548c.home
19/08/2018 11:02:28 PM Client Protocol Version 3.3

** (vino-server:32529): WARNING **: 23:02:28.345: Deferring authentication of '46.101.184.149' for 5 seconds


** (vino-server:32529): WARNING **: 23:02:33.449: VNC authentication failure from '46.101.184.149'

19/08/2018 11:02:33 PM rfbAuthPasswordChecked: password check failed
19/08/2018 11:30:51 PM [IPv4] Got connection from client zg-0817a-64.stretchoid.com
19/08/2018 11:30:51 PM   other clients:
19/08/2018 11:30:51 PM      46.101.184.149
19/08/2018 11:30:51 PM      46.101.184.149
19/08/2018 11:30:51 PM      46.101.184.149
19/08/2018 11:30:51 PM      46.101.184.149
19/08/2018 11:30:51 PM      46.101.184.149
19/08/2018 11:30:51 PM      46.101.184.149
19/08/2018 11:30:51 PM      android-c28b29b650f6548c.home
19/08/2018 11:31:01 PM rfbProcessClientProtocolVersion: client gone
19/08/2018 11:31:01 PM Client zg-0817a-64.stretchoid.com gone
19/08/2018 11:31:01 PM Statistics:
19/08/2018 11:31:01 PM   framebuffer updates 0, rectangles 0, bytes 0
sendto: Network is unreachable
sendto: Network is unreachable
20/08/2018 10:37:54 AM rfbProcessClientNormalMessage: read: Connection reset by peer
20/08/2018 10:37:54 AM Client android-c28b29b650f6548c.home gone
20/08/2018 10:37:54 AM Statistics:
20/08/2018 10:37:54 AM   key events received 32, pointer events 3932
20/08/2018 10:37:54 AM   framebuffer updates 7016, rectangles 13714, bytes 270216867
20/08/2018 10:37:54 AM     ZRLE rectangles 13714, bytes 270216867
20/08/2018 10:37:54 AM   raw bytes equivalent 538553044, compression ratio 1.993040
20/08/2018 02:15:10 PM [IPv4] Got connection from client 196.52.43.118
20/08/2018 02:15:10 PM   other clients:
20/08/2018 02:15:10 PM      46.101.184.149
20/08/2018 02:15:10 PM      46.101.184.149
20/08/2018 02:15:10 PM      46.101.184.149
20/08/2018 02:15:10 PM      46.101.184.149
20/08/2018 02:15:10 PM      46.101.184.149
20/08/2018 02:15:10 PM      46.101.184.149
20/08/2018 02:15:10 PM Client Protocol Version 3.7
20/08/2018 02:15:10 PM Advertising security type 18
20/08/2018 02:15:10 PM Advertising security type 2
20/08/2018 02:15:10 PM Client returned security type 1
20/08/2018 02:15:10 PM rfbAuthProcessSecurityTypeMessage: client returned unadvertised security type 1
20/08/2018 02:15:10 PM Client 196.52.43.118 gone
20/08/2018 02:15:10 PM Statistics:
20/08/2018 02:15:10 PM   framebuffer updates 0, rectangles 0, bytes 0
20/08/2018 02:31:26 PM [IPv4] Got connection from client scan-06.shadowserver.org
20/08/2018 02:31:26 PM   other clients:
20/08/2018 02:31:26 PM      46.101.184.149
20/08/2018 02:31:26 PM      46.101.184.149
20/08/2018 02:31:26 PM      46.101.184.149
20/08/2018 02:31:26 PM      46.101.184.149
20/08/2018 02:31:26 PM      46.101.184.149
20/08/2018 02:31:26 PM      46.101.184.149
20/08/2018 02:31:28 PM rfbProcessClientProtocolVersion: client gone
20/08/2018 02:31:28 PM Client scan-06.shadowserver.org gone
20/08/2018 02:31:28 PM Statistics:
20/08/2018 02:31:28 PM   framebuffer updates 0, rectangles 0, bytes 0
security vnc vino 18.04

1 个回答

  1. Best Answer

    使用 SSH 为 VNC 提供安全连接。作为奖励,这意味着连接可以使用您现有的安全 SSH 密钥,而不是难以记住或不安全的密码。

    它的工作原理和设置方法在https://help.ubuntu.com/community/VNC有详细说明

    由于您的 VNC 服务器可能已被入侵,请练习安全计算并核对并重新安装该 Ubuntu 实例。

    • 2

相关问题