nmap returns 5900/tcp open vnc, have I been hacked??
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
nmap returns 5900/tcp open vnc, have I been hacked??
Nmap -sT -O returned "5900/tcp open vnc. Never saw this before. I googled it and found it may mean someone remotely viewing my box. Running SL6 with small KVM based virtual network. "/sbin/service vnc status" returns "unrecognized service", "/etc/init.d/vnc" returns "no such file or directory" "rpm -q vnc" returns "package vnc not installed". Prior to this I yum installed telnet to use xhost to access a gui on my old dell box running fc12. No luck, I gave up for the time being. This only occurs when I have a vm up and running. Did my xhost experiment do this or have I been cracked. Never saw this before on many installs of both host and guest machines. Any help would be greatly appreciated. Thanks in advance folks. cbider
- Unless you enabled service checking (-sV) nmap uses its own static service mapping, kind of like /etc/services, to simply match ports with service names.
- Some virtualization methods come with built-in VNC capabilities.
- A port being bound by a service does not automagically mean it's cracked, nonetheless you should not (need to) run stale, unmaintained, vulnerable Fedora releases and neither should you prefer telnet over SSH.
* Try to connect to the port when the VM is up to determine what service it actually is.
If you're using some redhat derivative you want to use service vncserver status but as mentioned many other programs can provide vnc server services. For example, kvm and virt-manager use vnc to show virtual machine consoles. You can use netstat -aln to identify the process that's listening on 5900.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.