nmap returns 5900/tcp open vnc, have I been hacked??
Nmap -sT -O returned "5900/tcp open vnc. Never saw this before. I googled it and found it may mean someone remotely viewing my box. Running SL6 with small KVM based virtual network. "/sbin/service vnc status" returns "unrecognized service", "/etc/init.d/vnc" returns "no such file or directory" "rpm -q vnc" returns "package vnc not installed". Prior to this I yum installed telnet to use xhost to access a gui on my old dell box running fc12. No luck, I gave up for the time being. This only occurs when I have a vm up and running. Did my xhost experiment do this or have I been cracked. Never saw this before on many installs of both host and guest machines. Any help would be greatly appreciated. Thanks in advance folks. cbider
|
- Unless you enabled service checking (-sV) nmap uses its own static service mapping, kind of like /etc/services, to simply match ports with service names.
- Some virtualization methods come with built-in VNC capabilities. - A port being bound by a service does not automagically mean it's cracked, nonetheless you should not (need to) run stale, unmaintained, vulnerable Fedora releases and neither should you prefer telnet over SSH. * Try to connect to the port when the VM is up to determine what service it actually is. |
If you're using some redhat derivative you want to use service vncserver status but as mentioned many other programs can provide vnc server services. For example, kvm and virt-manager use vnc to show virtual machine consoles. You can use netstat -aln to identify the process that's listening on 5900.
|
netstat
What is listening on that port?
Code:
sudo netstat -nltp |
All times are GMT -5. The time now is 09:53 PM. |